General
-
Target
1e7739ad70bec9c13d504108309adb9dd7f285e9c4dfe2db93be7b443d737d9d
-
Size
2.5MB
-
Sample
241202-hd166syrcn
-
MD5
94afa8397628643a0154de06336b72c3
-
SHA1
e2a2be8af1f72c8a9af5dc6d46f111944a95a4df
-
SHA256
1e7739ad70bec9c13d504108309adb9dd7f285e9c4dfe2db93be7b443d737d9d
-
SHA512
f19740433e6964b8c9b1d64f4a6475028a58b318ac8450843883ab675c0118c90696f94490132f3bf5c62c6a28d600c1e65e52158769e95f740612ef3d6ffe32
-
SSDEEP
24576:HCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH+:HCwsbCANnKXferL7Vwe/Gg0P+Whl6o
Malware Config
Targets
-
-
Target
1e7739ad70bec9c13d504108309adb9dd7f285e9c4dfe2db93be7b443d737d9d
-
Size
2.5MB
-
MD5
94afa8397628643a0154de06336b72c3
-
SHA1
e2a2be8af1f72c8a9af5dc6d46f111944a95a4df
-
SHA256
1e7739ad70bec9c13d504108309adb9dd7f285e9c4dfe2db93be7b443d737d9d
-
SHA512
f19740433e6964b8c9b1d64f4a6475028a58b318ac8450843883ab675c0118c90696f94490132f3bf5c62c6a28d600c1e65e52158769e95f740612ef3d6ffe32
-
SSDEEP
24576:HCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH+:HCwsbCANnKXferL7Vwe/Gg0P+Whl6o
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1