General
-
Target
778273cf667b788d0adcf8ebd0aadd9dd86041ed75b2643af9937583c1cb282f
-
Size
1.4MB
-
Sample
240923-wssegazcjg
-
MD5
1806dc6b5b300656f5d1fb208a927119
-
SHA1
f94ca0f413c2d96bac64aa3beccebe99e31f035d
-
SHA256
778273cf667b788d0adcf8ebd0aadd9dd86041ed75b2643af9937583c1cb282f
-
SHA512
a163da6a1206a64a46eae6cd75eebe8b07cfc6de8a5afb618bf3e48a1910a92908020563f2e0a0ad4ecce18c2211f19093856e0bed50f95e56de12516c79b44b
-
SSDEEP
24576:V89tv9/7JtDElDEExIecl1erdg0MCiVWhR/3y/dw:V89XJt4HIZ/Gg0P+WhVy/dw
Malware Config
Targets
-
-
Target
778273cf667b788d0adcf8ebd0aadd9dd86041ed75b2643af9937583c1cb282f
-
Size
1.4MB
-
MD5
1806dc6b5b300656f5d1fb208a927119
-
SHA1
f94ca0f413c2d96bac64aa3beccebe99e31f035d
-
SHA256
778273cf667b788d0adcf8ebd0aadd9dd86041ed75b2643af9937583c1cb282f
-
SHA512
a163da6a1206a64a46eae6cd75eebe8b07cfc6de8a5afb618bf3e48a1910a92908020563f2e0a0ad4ecce18c2211f19093856e0bed50f95e56de12516c79b44b
-
SSDEEP
24576:V89tv9/7JtDElDEExIecl1erdg0MCiVWhR/3y/dw:V89XJt4HIZ/Gg0P+WhVy/dw
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1