General
-
Target
b37632b07ef94c60d3e62e21eb14d1a44d9dc8f298a9422c0fd05b54200b24fb
-
Size
2.0MB
-
Sample
240914-ewq75sxapa
-
MD5
5d7d3b57a5122f05256cfc8785db1e42
-
SHA1
db88569d3be0a1ae6b72c44ab99977b6df7e6a52
-
SHA256
b37632b07ef94c60d3e62e21eb14d1a44d9dc8f298a9422c0fd05b54200b24fb
-
SHA512
1f0ab6c5cc25616fa24f3b08d44aad1137d7d0b9d731905b12197be720b67ab1280dc026527864e77c3d56a83fb0f0e4b9675068950c5b26a51effda11416bc7
-
SSDEEP
49152:GTOKWzJByScEAvSNWN/TtA7lbv1zQfA1ZoEZuTuGXBpBu:TKMFZs/T8bBQIr+u
Malware Config
Targets
-
-
Target
该女子返程被一名戴口罩男子尾随视频流出.exe
-
Size
2.6MB
-
MD5
624f003dac0831d062d75c5fcd83cf0b
-
SHA1
40019566841bd1c70eeaafddd50319267bdd31dd
-
SHA256
d12aa8d3f49c9e7cff372b8111bf7dcea27be046b2c7328098a5159fb97d840d
-
SHA512
0081a9ba52dab04c5c31482d752033d30d11cab1307ccf1d40410d67521b6fb910e0fca06a443935494d1ee99335a95c3c2f7939ea278b29d18c17cdce918ad6
-
SSDEEP
49152:t1vqjdPQwZwViOoOMV+ZsZlRt8DVbP1xgp0FnKyZCbmGpVTT3:t1vqjlALilRu7vg6vW3
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-