Overview

overview

10

Static

static

10

9aa10ec5ba...d2.exe

windows7-x64

10

9aa10ec5ba...d2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9aa10ec5ba53a6958f1b40889fa1792f9b7dcd5266bc3fcf7d9b3cda495208d2

  • Size

    7.9MB

  • Sample

    250119-pvxcwaxnhs

  • MD5

    88904887405c6061056c20e55d38acdd

  • SHA1

    de781e2488f6a9fbfe80c916d74e4929cfb4d1c3

  • SHA256

    9aa10ec5ba53a6958f1b40889fa1792f9b7dcd5266bc3fcf7d9b3cda495208d2

  • SHA512

    cb4bbf2b27ed65ed2e2a96e455348f9964337457b16eb881611c120b75b08cc74a076d7ce739e29628ef3b3cdfdd6baef3d5f3eee9b1257826d7d3845636662f

  • SSDEEP

    196608:4y2LkxoSxt5g3vWwe9f/3R4Zq4V+3XcJHQvFLOyomFHKnPot:GSxrg3+we9XR4Zq00Flt

Score
10/10
blackmoongh0stratpurplefoxdiscoverypersistenceratrootkittrojanupx

Malware Config

Targets

    • Target

      9aa10ec5ba53a6958f1b40889fa1792f9b7dcd5266bc3fcf7d9b3cda495208d2

    • Size

      7.9MB

    • MD5

      88904887405c6061056c20e55d38acdd

    • SHA1

      de781e2488f6a9fbfe80c916d74e4929cfb4d1c3

    • SHA256

      9aa10ec5ba53a6958f1b40889fa1792f9b7dcd5266bc3fcf7d9b3cda495208d2

    • SHA512

      cb4bbf2b27ed65ed2e2a96e455348f9964337457b16eb881611c120b75b08cc74a076d7ce739e29628ef3b3cdfdd6baef3d5f3eee9b1257826d7d3845636662f

    • SSDEEP

      196608:4y2LkxoSxt5g3vWwe9f/3R4Zq4V+3XcJHQvFLOyomFHKnPot:GSxrg3+we9XR4Zq00Flt

    Score
    10/10
    gh0stratpurplefoxdiscoverypersistenceratrootkittrojanupx

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Purplefox family

      purplefox

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.