General
-
Target
0f25c5f2a80791d23e6833bb80260b8938b7f98c2c252e0bb9fb0d3cd2608519
-
Size
437KB
-
Sample
240925-drz4tasajl
-
MD5
a2cd8cd721d017908f8f0a7b38dc3f63
-
SHA1
271a273c2d8def199cb58542883cb6127fa1074f
-
SHA256
0f25c5f2a80791d23e6833bb80260b8938b7f98c2c252e0bb9fb0d3cd2608519
-
SHA512
0a83f89259a1190d712511d97d1637ddf1e8d00e57e372302825e95fde4dffbeaa1fc58390f9bca59e650d8e61823d9f7a9e640024f15433318e9db25f6fcaf3
-
SSDEEP
6144:bas0ZLc/IJvCklIqA8mvHwgnHJp9OWqw7zsK0bencTpX4KtjY5Jt/lt0zwzOu6WW:gBFJqk2q1g5ppemr0bAKoNfnQCSWpoSM
Malware Config
Targets
-
-
Target
0f25c5f2a80791d23e6833bb80260b8938b7f98c2c252e0bb9fb0d3cd2608519
-
Size
437KB
-
MD5
a2cd8cd721d017908f8f0a7b38dc3f63
-
SHA1
271a273c2d8def199cb58542883cb6127fa1074f
-
SHA256
0f25c5f2a80791d23e6833bb80260b8938b7f98c2c252e0bb9fb0d3cd2608519
-
SHA512
0a83f89259a1190d712511d97d1637ddf1e8d00e57e372302825e95fde4dffbeaa1fc58390f9bca59e650d8e61823d9f7a9e640024f15433318e9db25f6fcaf3
-
SSDEEP
6144:bas0ZLc/IJvCklIqA8mvHwgnHJp9OWqw7zsK0bencTpX4KtjY5Jt/lt0zwzOu6WW:gBFJqk2q1g5ppemr0bAKoNfnQCSWpoSM
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-