General
-
Target
dceeb0e6ca47e29f51506674693c88c8a99d68d7811cca0b99681d2fbf19cb1f
-
Size
3.8MB
-
Sample
241106-13qqvayjcv
-
MD5
06d698a71f03ccc4d5e50c8b5e4eb146
-
SHA1
018fcaa2426353725177f9c3aa9598e05309cd38
-
SHA256
dceeb0e6ca47e29f51506674693c88c8a99d68d7811cca0b99681d2fbf19cb1f
-
SHA512
481ee238c3686d28f303b69ffb689217af61e1a2da7c7a341ab1743f1390757becddca08c206980b3bcbf57ea0d59d5b52488098cf788c1e2e3a95d2644d5c10
-
SSDEEP
98304:bws2ANnKXOaeOgmhRacsSKazFWSJ8NfZNxmSS:9KXbeO7vaKMSmf1mf
Malware Config
Targets
-
-
Target
dceeb0e6ca47e29f51506674693c88c8a99d68d7811cca0b99681d2fbf19cb1f
-
Size
3.8MB
-
MD5
06d698a71f03ccc4d5e50c8b5e4eb146
-
SHA1
018fcaa2426353725177f9c3aa9598e05309cd38
-
SHA256
dceeb0e6ca47e29f51506674693c88c8a99d68d7811cca0b99681d2fbf19cb1f
-
SHA512
481ee238c3686d28f303b69ffb689217af61e1a2da7c7a341ab1743f1390757becddca08c206980b3bcbf57ea0d59d5b52488098cf788c1e2e3a95d2644d5c10
-
SSDEEP
98304:bws2ANnKXOaeOgmhRacsSKazFWSJ8NfZNxmSS:9KXbeO7vaKMSmf1mf
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1