General
-
Target
486d808f848380b92159aa64391b98aa5fcded724566189d0e6016b769792cc8
-
Size
1.8MB
-
Sample
240927-gszq8a1fpd
-
MD5
413058898ec4af5111184451b0ebe047
-
SHA1
d69f47dd5b55dce88cf44db4fc4d0d6672f842ed
-
SHA256
486d808f848380b92159aa64391b98aa5fcded724566189d0e6016b769792cc8
-
SHA512
df28bc55f0cd4daae3fbe490f53ae38590fcba8f86f22f306b0a39c7ddfcd3b20fc5defd4d806f1a81a51a130e1d373f41a886efe6d48da1ba0d85eb5ff33b06
-
SSDEEP
49152:T09XJt4HIN2H2tFvduySOpeoEZPItx2apeapelI:gZJt4HINy2LkroltUvlI
Malware Config
Targets
-
-
Target
486d808f848380b92159aa64391b98aa5fcded724566189d0e6016b769792cc8
-
Size
1.8MB
-
MD5
413058898ec4af5111184451b0ebe047
-
SHA1
d69f47dd5b55dce88cf44db4fc4d0d6672f842ed
-
SHA256
486d808f848380b92159aa64391b98aa5fcded724566189d0e6016b769792cc8
-
SHA512
df28bc55f0cd4daae3fbe490f53ae38590fcba8f86f22f306b0a39c7ddfcd3b20fc5defd4d806f1a81a51a130e1d373f41a886efe6d48da1ba0d85eb5ff33b06
-
SSDEEP
49152:T09XJt4HIN2H2tFvduySOpeoEZPItx2apeapelI:gZJt4HINy2LkroltUvlI
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1