General
-
Target
c51752598a8684c3d1320e3a7ced644e4df19f479b057d3308a72f38e937fa03
-
Size
1.2MB
-
Sample
250101-wgjm7awlby
-
MD5
812f246c8fcdb5e2db6206ef39141c08
-
SHA1
2b02e2d59c7c0d15e45c65018a1292d9dade202c
-
SHA256
c51752598a8684c3d1320e3a7ced644e4df19f479b057d3308a72f38e937fa03
-
SHA512
3ba1ed37e6ef89b4b499aa9a7d55e69efa1a0d56f294d7debe7846838d11dc0a140279c7a17212df221aa9143f820c63e11e9f4db6cb16cc3b06f53f857e7f82
-
SSDEEP
24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJtin:WIwgMEuy+inDfp3/XoCw57XYBwKn
Malware Config
Targets
-
-
Target
c51752598a8684c3d1320e3a7ced644e4df19f479b057d3308a72f38e937fa03
-
Size
1.2MB
-
MD5
812f246c8fcdb5e2db6206ef39141c08
-
SHA1
2b02e2d59c7c0d15e45c65018a1292d9dade202c
-
SHA256
c51752598a8684c3d1320e3a7ced644e4df19f479b057d3308a72f38e937fa03
-
SHA512
3ba1ed37e6ef89b4b499aa9a7d55e69efa1a0d56f294d7debe7846838d11dc0a140279c7a17212df221aa9143f820c63e11e9f4db6cb16cc3b06f53f857e7f82
-
SSDEEP
24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJtin:WIwgMEuy+inDfp3/XoCw57XYBwKn
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2