General
-
Target
394a8f10d37c5e0984bdc3379975f2784ba5d0dad3c7ebef82069cc62a5e668e.msi.vir
-
Size
135.8MB
-
Sample
241124-mtzqhaskcp
-
MD5
60a6725c5490188bbdd4d899c58cd735
-
SHA1
67d849ee9a93d73219ded38bced51f5d002d7a34
-
SHA256
394a8f10d37c5e0984bdc3379975f2784ba5d0dad3c7ebef82069cc62a5e668e
-
SHA512
7f72e27545e8e497e0b48960d119a201f7e14dfe0d95e24ce30e92807e731a7bee0139047389c3f1fbae02f7d2c56a057b52c8b79418a05c8331aaf40d009506
-
SSDEEP
3145728:ISlSw/0KksfWneWVr6/4J3DYgxqmz8CZCLLURrFV:FlSw/7ksOneWVm/CDYddLYr
Malware Config
Targets
-
-
Target
394a8f10d37c5e0984bdc3379975f2784ba5d0dad3c7ebef82069cc62a5e668e.msi.vir
-
Size
135.8MB
-
MD5
60a6725c5490188bbdd4d899c58cd735
-
SHA1
67d849ee9a93d73219ded38bced51f5d002d7a34
-
SHA256
394a8f10d37c5e0984bdc3379975f2784ba5d0dad3c7ebef82069cc62a5e668e
-
SHA512
7f72e27545e8e497e0b48960d119a201f7e14dfe0d95e24ce30e92807e731a7bee0139047389c3f1fbae02f7d2c56a057b52c8b79418a05c8331aaf40d009506
-
SSDEEP
3145728:ISlSw/0KksfWneWVr6/4J3DYgxqmz8CZCLLURrFV:FlSw/7ksOneWVm/CDYddLYr
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-