General
-
Target
98e842c4a55dc7acf1ea063fd813459ee4f67a656392540cfb7d12e362414a7c
-
Size
1.3MB
-
Sample
241216-fxcxkswkd1
-
MD5
386c57a4359986c9d82bee94d9db1fe6
-
SHA1
6d584c365ba9946ff5061cb46283e254e65111a2
-
SHA256
98e842c4a55dc7acf1ea063fd813459ee4f67a656392540cfb7d12e362414a7c
-
SHA512
2f397849ecbbb0f5323f4153a573cd46ec3e4e220a0059494653fd944d048aec9d00be87508e19925f57827afe5335e617d1a160dca53abe580598e59e37c1b1
-
SSDEEP
24576:N09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+VGL7wJ+s:N09XJt4HIN2H2tFvduyS3X
Malware Config
Targets
-
-
Target
98e842c4a55dc7acf1ea063fd813459ee4f67a656392540cfb7d12e362414a7c
-
Size
1.3MB
-
MD5
386c57a4359986c9d82bee94d9db1fe6
-
SHA1
6d584c365ba9946ff5061cb46283e254e65111a2
-
SHA256
98e842c4a55dc7acf1ea063fd813459ee4f67a656392540cfb7d12e362414a7c
-
SHA512
2f397849ecbbb0f5323f4153a573cd46ec3e4e220a0059494653fd944d048aec9d00be87508e19925f57827afe5335e617d1a160dca53abe580598e59e37c1b1
-
SSDEEP
24576:N09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+VGL7wJ+s:N09XJt4HIN2H2tFvduyS3X
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1