General
-
Target
1efbb4615d46cd7a655e67ceb1eb8f1435f42b60aa3983aeb0755fe7db6131e0
-
Size
2.4MB
-
Sample
241231-1j3aja1jbz
-
MD5
43903d26c88dbe577fffaee6034dfb66
-
SHA1
bc4299027134d935faf64bdf64628a37d1e7a837
-
SHA256
1efbb4615d46cd7a655e67ceb1eb8f1435f42b60aa3983aeb0755fe7db6131e0
-
SHA512
fe0dd0f90d16623a69143b73223c22c509ded4107d9c528a98e520f5e20e1a331a199ebf19844df57e98125a560917bd53e3066493d7d05cd70e00637a5ae8e4
-
SSDEEP
49152:PxTc2H2tFvduyS3I9cTO8a18C/tgRAjsFdIREpW/SvrjskB1mrqv3tj:Vcy2Lk49L8GTtL2pW/STjskBUrqP
Malware Config
Targets
-
-
Target
1efbb4615d46cd7a655e67ceb1eb8f1435f42b60aa3983aeb0755fe7db6131e0
-
Size
2.4MB
-
MD5
43903d26c88dbe577fffaee6034dfb66
-
SHA1
bc4299027134d935faf64bdf64628a37d1e7a837
-
SHA256
1efbb4615d46cd7a655e67ceb1eb8f1435f42b60aa3983aeb0755fe7db6131e0
-
SHA512
fe0dd0f90d16623a69143b73223c22c509ded4107d9c528a98e520f5e20e1a331a199ebf19844df57e98125a560917bd53e3066493d7d05cd70e00637a5ae8e4
-
SSDEEP
49152:PxTc2H2tFvduyS3I9cTO8a18C/tgRAjsFdIREpW/SvrjskB1mrqv3tj:Vcy2Lk49L8GTtL2pW/STjskBUrqP
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1