General
-
Target
74af65cf10f2506e46284def819fee7ac7768a9361433caef9d9f150e8878fcf
-
Size
1.5MB
-
Sample
240924-3jqylsvcpc
-
MD5
897584b7b829aa3f348fd98275f18f26
-
SHA1
05e544d177ce6a26fc9e70de8265a4ed00e6ee59
-
SHA256
74af65cf10f2506e46284def819fee7ac7768a9361433caef9d9f150e8878fcf
-
SHA512
6578a2c91c13b0e9b2830b49c28f393f9faae2540ac02db3a94416815f1e861ee5beab7e8f350c2b2644a46be55ff2887c694b98e9e1a76df1c6cc4ed49dcc1e
-
SSDEEP
24576:w09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+vR0c:w09XJt4HIN2H2tFvduySIc
Malware Config
Targets
-
-
Target
74af65cf10f2506e46284def819fee7ac7768a9361433caef9d9f150e8878fcf
-
Size
1.5MB
-
MD5
897584b7b829aa3f348fd98275f18f26
-
SHA1
05e544d177ce6a26fc9e70de8265a4ed00e6ee59
-
SHA256
74af65cf10f2506e46284def819fee7ac7768a9361433caef9d9f150e8878fcf
-
SHA512
6578a2c91c13b0e9b2830b49c28f393f9faae2540ac02db3a94416815f1e861ee5beab7e8f350c2b2644a46be55ff2887c694b98e9e1a76df1c6cc4ed49dcc1e
-
SSDEEP
24576:w09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+vR0c:w09XJt4HIN2H2tFvduySIc
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1