General
-
Target
180f22d39de610fcf05fab5ddfb2f37106b41e973b68a5fb169eae9ab8b1ae09
-
Size
729KB
-
Sample
241109-1gqhyssgpe
-
MD5
bd3b4858bdc266887aa3c2cb8472aa59
-
SHA1
bf0bd003cbf99f008245c62dec77f5513e43101d
-
SHA256
180f22d39de610fcf05fab5ddfb2f37106b41e973b68a5fb169eae9ab8b1ae09
-
SHA512
d1c6026649eca06b39f7f02973c2533b60f15d92e3068b3c9488e45ebd346944cd634c7703c2d971249db983bb2d0200b062f5cd795635085c86a782195fd6c8
-
SSDEEP
12288:Li2cAro2HQVWAHkFSq2hAWJYlMUtrxlyuJVRe8ycEP1/fJk7y7rtCKFPKwCiT8OD:Li2Tro2H2HESq2eWJ6MQjySjyTi7YNPn
Malware Config
Targets
-
-
Target
180f22d39de610fcf05fab5ddfb2f37106b41e973b68a5fb169eae9ab8b1ae09
-
Size
729KB
-
MD5
bd3b4858bdc266887aa3c2cb8472aa59
-
SHA1
bf0bd003cbf99f008245c62dec77f5513e43101d
-
SHA256
180f22d39de610fcf05fab5ddfb2f37106b41e973b68a5fb169eae9ab8b1ae09
-
SHA512
d1c6026649eca06b39f7f02973c2533b60f15d92e3068b3c9488e45ebd346944cd634c7703c2d971249db983bb2d0200b062f5cd795635085c86a782195fd6c8
-
SSDEEP
12288:Li2cAro2HQVWAHkFSq2hAWJYlMUtrxlyuJVRe8ycEP1/fJk7y7rtCKFPKwCiT8OD:Li2Tro2H2HESq2eWJ6MQjySjyTi7YNPn
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1