General
-
Target
63f57f1dea0144625b94685e60aaebca5151c8563ba6f57c17a9a05dfb153147
-
Size
4.2MB
-
Sample
241106-13rcdayjcy
-
MD5
5b32cbe63dd9379f9b72ed889f3478bf
-
SHA1
8c54b1e34dc232b07572370ca024dec3f87786e8
-
SHA256
63f57f1dea0144625b94685e60aaebca5151c8563ba6f57c17a9a05dfb153147
-
SHA512
2dd6038478364216714be07a973e71386af89084016843863fc53673d8e2d8effc51b7a602d62df35b3b0f19f1bd400d98b3992a770d2fae98f4227679821ca6
-
SSDEEP
98304:bws2ANnKXOaeOgmhRacsSKazFWSJ8NfZNxmSxzHBhX:9KXbeO7vaKMSmf1mazf
Malware Config
Targets
-
-
Target
63f57f1dea0144625b94685e60aaebca5151c8563ba6f57c17a9a05dfb153147
-
Size
4.2MB
-
MD5
5b32cbe63dd9379f9b72ed889f3478bf
-
SHA1
8c54b1e34dc232b07572370ca024dec3f87786e8
-
SHA256
63f57f1dea0144625b94685e60aaebca5151c8563ba6f57c17a9a05dfb153147
-
SHA512
2dd6038478364216714be07a973e71386af89084016843863fc53673d8e2d8effc51b7a602d62df35b3b0f19f1bd400d98b3992a770d2fae98f4227679821ca6
-
SSDEEP
98304:bws2ANnKXOaeOgmhRacsSKazFWSJ8NfZNxmSxzHBhX:9KXbeO7vaKMSmf1mazf
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1