General
-
Target
a383b46965ad6b4ea57a4466df3634385932e6f09cf5f882bf7f237bbce5298e
-
Size
1.2MB
-
Sample
250114-jtlxvstqbq
-
MD5
36d00e1c116ad878209f522ad0e1196f
-
SHA1
1c790a685400243ed8844f5cbde4282d0f523e31
-
SHA256
a383b46965ad6b4ea57a4466df3634385932e6f09cf5f882bf7f237bbce5298e
-
SHA512
5c9dea37afe0c87fd35d90fec9443e62e6ef645685a808ffde0e053f0f0d0766c75a40a32f827881b84bca5bcb277a2c99a8bcbc64b8600e98f158b82356f19b
-
SSDEEP
24576:P09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+pt:P09XJt4HIN2H2tFvduySXt
Malware Config
Targets
-
-
Target
a383b46965ad6b4ea57a4466df3634385932e6f09cf5f882bf7f237bbce5298e
-
Size
1.2MB
-
MD5
36d00e1c116ad878209f522ad0e1196f
-
SHA1
1c790a685400243ed8844f5cbde4282d0f523e31
-
SHA256
a383b46965ad6b4ea57a4466df3634385932e6f09cf5f882bf7f237bbce5298e
-
SHA512
5c9dea37afe0c87fd35d90fec9443e62e6ef645685a808ffde0e053f0f0d0766c75a40a32f827881b84bca5bcb277a2c99a8bcbc64b8600e98f158b82356f19b
-
SSDEEP
24576:P09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+pt:P09XJt4HIN2H2tFvduySXt
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1