General
-
Target
2d5ffda96e814502aa061f65be30263a9eb49b99287aa6463597c7db97e36cf3
-
Size
768KB
-
Sample
241204-h98acssqel
-
MD5
9fe9d0e955163eaed02c2057bd5cd64f
-
SHA1
9b00daef7fe5bd2c3c158f88e6d6156a97e51f3f
-
SHA256
2d5ffda96e814502aa061f65be30263a9eb49b99287aa6463597c7db97e36cf3
-
SHA512
87685accc5ecf950ce9f0cf6790c1226cee0fb6f7992862b626937f1705339d1322277f332c5ae6a60ac80d05dee0c1f2f4b3282831fc5bc325435e250e23e6a
-
SSDEEP
12288:17t1Ft32FrpyD7ZIH4ENxTk8+Gb8vEFaKb+95dNVBSSmGL5:hVpD7ZIHpNH9BNEBSSmG9
Malware Config
Targets
-
-
Target
2d5ffda96e814502aa061f65be30263a9eb49b99287aa6463597c7db97e36cf3
-
Size
768KB
-
MD5
9fe9d0e955163eaed02c2057bd5cd64f
-
SHA1
9b00daef7fe5bd2c3c158f88e6d6156a97e51f3f
-
SHA256
2d5ffda96e814502aa061f65be30263a9eb49b99287aa6463597c7db97e36cf3
-
SHA512
87685accc5ecf950ce9f0cf6790c1226cee0fb6f7992862b626937f1705339d1322277f332c5ae6a60ac80d05dee0c1f2f4b3282831fc5bc325435e250e23e6a
-
SSDEEP
12288:17t1Ft32FrpyD7ZIH4ENxTk8+Gb8vEFaKb+95dNVBSSmGL5:hVpD7ZIHpNH9BNEBSSmG9
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-