General
-
Target
cd5657aea117a381cc19fc03da692246e891ad2d75d1305919b6ee6bec8aaa12
-
Size
3.9MB
-
Sample
240917-qnt5lsvhkn
-
MD5
43f5b729b317b2113e02651f69deedfd
-
SHA1
774c8cc806e4f1a4a2e6f4bcdb747752ae37b4de
-
SHA256
cd5657aea117a381cc19fc03da692246e891ad2d75d1305919b6ee6bec8aaa12
-
SHA512
235d72e1e6ae19000e3bb78c8a8e7013805a3ec15bfd3b34348352e2cdbcc106034e2a7b569b65ec66b780a50b88c508ca40dd1fa706b7ab7e76a6b4ebed013f
-
SSDEEP
98304:xZJt4HIZOgmhIVVVVVVVVVVVVVjVVVVVVTVVVVpVGVTVVVVVVVVVVVVTVVVVVVV9:DiIZO72VVVVVVVVVVVVVjVVVVVVTVVVS
Malware Config
Targets
-
-
Target
cd5657aea117a381cc19fc03da692246e891ad2d75d1305919b6ee6bec8aaa12
-
Size
3.9MB
-
MD5
43f5b729b317b2113e02651f69deedfd
-
SHA1
774c8cc806e4f1a4a2e6f4bcdb747752ae37b4de
-
SHA256
cd5657aea117a381cc19fc03da692246e891ad2d75d1305919b6ee6bec8aaa12
-
SHA512
235d72e1e6ae19000e3bb78c8a8e7013805a3ec15bfd3b34348352e2cdbcc106034e2a7b569b65ec66b780a50b88c508ca40dd1fa706b7ab7e76a6b4ebed013f
-
SSDEEP
98304:xZJt4HIZOgmhIVVVVVVVVVVVVVjVVVVVVTVVVVpVGVTVVVVVVVVVVVVTVVVVVVV9:DiIZO72VVVVVVVVVVVVVjVVVVVVTVVVS
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1