General
-
Target
6ef75442a68ae42bc42480b4a34cef6ac120e314b85929bd005e2e376c44a445
-
Size
1.3MB
-
Sample
240929-ftk4sa1cqj
-
MD5
4caadcf8452526c30b29ba2e933071ee
-
SHA1
38b1eb7725a28ab401f483a83f8da914e61cfdeb
-
SHA256
6ef75442a68ae42bc42480b4a34cef6ac120e314b85929bd005e2e376c44a445
-
SHA512
d29218f01bafd90fc2d4ed504622eb5751785d0ec70629b3e0cce17b1c67ad3b3468b6e9edec1ec20a19e58a670295bced7b9aabb0dff835062a0af6ad74d2d5
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNy:QHPkVOBTK
Malware Config
Targets
-
-
Target
6ef75442a68ae42bc42480b4a34cef6ac120e314b85929bd005e2e376c44a445
-
Size
1.3MB
-
MD5
4caadcf8452526c30b29ba2e933071ee
-
SHA1
38b1eb7725a28ab401f483a83f8da914e61cfdeb
-
SHA256
6ef75442a68ae42bc42480b4a34cef6ac120e314b85929bd005e2e376c44a445
-
SHA512
d29218f01bafd90fc2d4ed504622eb5751785d0ec70629b3e0cce17b1c67ad3b3468b6e9edec1ec20a19e58a670295bced7b9aabb0dff835062a0af6ad74d2d5
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNy:QHPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1