General
-
Target
a0d150500d5258d2c4eaf4cc6e5ee686681dfbbef08b5ccf862ce704b87aac58
-
Size
3.3MB
-
Sample
240907-r19lha1brf
-
MD5
2ff798c2b43dc19db08a93846983c5f6
-
SHA1
905b30577d3de8d64465a4e6af44c9649df77655
-
SHA256
a0d150500d5258d2c4eaf4cc6e5ee686681dfbbef08b5ccf862ce704b87aac58
-
SHA512
325e6ff02f3ad7fb223a421c315fe42769033ef8281e4532016e9ec56d364ac02a8e995dc5f5a62ce909bb66f05509d386eb27928307cc735a2b6e37d4c3f916
-
SSDEEP
49152:81sOWFJbtSMXoTLq73xKaW/HsclmJSVARa86xzW3xRoyqqxrTz:81sOWFJbtSMX3xKaWPsclWSV7Sxyqxr3
Malware Config
Targets
-
-
Target
a0d150500d5258d2c4eaf4cc6e5ee686681dfbbef08b5ccf862ce704b87aac58
-
Size
3.3MB
-
MD5
2ff798c2b43dc19db08a93846983c5f6
-
SHA1
905b30577d3de8d64465a4e6af44c9649df77655
-
SHA256
a0d150500d5258d2c4eaf4cc6e5ee686681dfbbef08b5ccf862ce704b87aac58
-
SHA512
325e6ff02f3ad7fb223a421c315fe42769033ef8281e4532016e9ec56d364ac02a8e995dc5f5a62ce909bb66f05509d386eb27928307cc735a2b6e37d4c3f916
-
SSDEEP
49152:81sOWFJbtSMXoTLq73xKaW/HsclmJSVARa86xzW3xRoyqqxrTz:81sOWFJbtSMX3xKaWPsclWSV7Sxyqxr3
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-