General
-
Target
775312f8e0b4e1c41fcdf8f780a0727620917fbcb5577a79ac0a7617611d0566
-
Size
2.6MB
-
Sample
241228-3rrvwawkcl
-
MD5
e1f2b6e09239a0d65ea38c33300de829
-
SHA1
40a4d37f5d56052632ba88deb6dcc7f1d0434740
-
SHA256
775312f8e0b4e1c41fcdf8f780a0727620917fbcb5577a79ac0a7617611d0566
-
SHA512
5f08e599dc4f63e55582f08b71d014a74a8b02f3efdb1641170f2bb380dc875e1be7a46ef9162374d1a9713755317468bf89ed1b5f351c07b82aa74afd1e30ee
-
SSDEEP
49152:OCwsbCANnKXferL7Vwe/Gg0P+WhIsABTuV:pws2ANnKXOaeOgmhI1BTuV
Malware Config
Targets
-
-
Target
775312f8e0b4e1c41fcdf8f780a0727620917fbcb5577a79ac0a7617611d0566
-
Size
2.6MB
-
MD5
e1f2b6e09239a0d65ea38c33300de829
-
SHA1
40a4d37f5d56052632ba88deb6dcc7f1d0434740
-
SHA256
775312f8e0b4e1c41fcdf8f780a0727620917fbcb5577a79ac0a7617611d0566
-
SHA512
5f08e599dc4f63e55582f08b71d014a74a8b02f3efdb1641170f2bb380dc875e1be7a46ef9162374d1a9713755317468bf89ed1b5f351c07b82aa74afd1e30ee
-
SSDEEP
49152:OCwsbCANnKXferL7Vwe/Gg0P+WhIsABTuV:pws2ANnKXOaeOgmhI1BTuV
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1