General
-
Target
ToDesk.msi.v
-
Size
44.3MB
-
Sample
241003-cabjfsycln
-
MD5
38f3fd63542c29e54b662cba9a075581
-
SHA1
7abcb0cfd955dbd939b28755a170af89fef21d0c
-
SHA256
ada3941a5ae8a179c38db7f66a64387c9e912687636fd131c91fa70d8774acb0
-
SHA512
e84cbd6285613d1fb8cac987bd532fac9759e4eefc6ef5742e024188198bd4e12e7cae6fd6547eba23bab31e82af453ea9410473f1a9baa8f33201a2b3452ee1
-
SSDEEP
786432:IBDBtcKjS6c7wDT8QekxB96x4X6vd3r3RF8jzQfIQItlSYr8WvptrIAkqehm6uy8:IBXVSSge96xx93ROjzQwHlLrR3kXVuy8
Malware Config
Targets
-
-
Target
ToDesk.msi.v
-
Size
44.3MB
-
MD5
38f3fd63542c29e54b662cba9a075581
-
SHA1
7abcb0cfd955dbd939b28755a170af89fef21d0c
-
SHA256
ada3941a5ae8a179c38db7f66a64387c9e912687636fd131c91fa70d8774acb0
-
SHA512
e84cbd6285613d1fb8cac987bd532fac9759e4eefc6ef5742e024188198bd4e12e7cae6fd6547eba23bab31e82af453ea9410473f1a9baa8f33201a2b3452ee1
-
SSDEEP
786432:IBDBtcKjS6c7wDT8QekxB96x4X6vd3r3RF8jzQfIQItlSYr8WvptrIAkqehm6uy8:IBXVSSge96xx93ROjzQwHlLrR3kXVuy8
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-