General
-
Target
8ba66ba57a34ce1307fc690cc5558c2e586f3a40fa764bcdc0e9a9eed1202f13
-
Size
570KB
-
Sample
240901-eal2as1anl
-
MD5
0764754e3c7cb3029e909836c88cfdd6
-
SHA1
ff1fced4daa023bead81dcc0a59d2fa73253bd53
-
SHA256
8ba66ba57a34ce1307fc690cc5558c2e586f3a40fa764bcdc0e9a9eed1202f13
-
SHA512
3e771d510d84382a0f721558556a9f09800a898c732a1470a75a824ebe8c5baf368ae312d44e9b2906bdf0665fa25885551040da6c99b893cd15f9687f14721c
-
SSDEEP
12288:YvHGGN4SBYkvIaH7N+XzSdGecOF/mJzAlZDTVS27mJgAn:YfPFgU7NHcOWzALVSRfn
Malware Config
Targets
-
-
Target
179dab5fc5a32307466541f88cfc1992cb96664218711f6d525586976c9d44ad.exe
-
Size
1.3MB
-
MD5
6afc02ebd26a5ff5bd62d93a9e0f627e
-
SHA1
af04446a727c3b117a9314449b0db0a31fe01b1d
-
SHA256
179dab5fc5a32307466541f88cfc1992cb96664218711f6d525586976c9d44ad
-
SHA512
3d9c6d0edf2a87f0e7c2cbbd4b1c103949a145c423f74f12dec6465471cb52bb0a9bcaea4f25b8ee907834b913245d2fd9ef806947c19c6503ee20f31d4a3986
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNl:QHPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1