General
-
Target
58b37c51dd2dfae62b0b14e6eb058fa5bd5973b071a07808f75b6542342951c0
-
Size
1.4MB
-
Sample
250119-pvywpsykel
-
MD5
05c0333f9fdff907d97ec903660de4a5
-
SHA1
ec7c0f4cfe1fb353eab105a6cfa149b480fcf7ce
-
SHA256
58b37c51dd2dfae62b0b14e6eb058fa5bd5973b071a07808f75b6542342951c0
-
SHA512
873edeb12bc160def68ec90b357c01a26d63361bee08e2b2c3e1f1fa9fcd59d8f123611e4e99b4724ed212775c224e4c8673a63835e6946df4b5cd2dda467122
-
SSDEEP
24576:ri2Tro2H2HESq2eWJ6MQjySjykt5KHUtkP7IFBLzRA5m9/KTquoo+/iKP:rxTc2H2tFvduyStHeTUaTq
Malware Config
Targets
-
-
Target
58b37c51dd2dfae62b0b14e6eb058fa5bd5973b071a07808f75b6542342951c0
-
Size
1.4MB
-
MD5
05c0333f9fdff907d97ec903660de4a5
-
SHA1
ec7c0f4cfe1fb353eab105a6cfa149b480fcf7ce
-
SHA256
58b37c51dd2dfae62b0b14e6eb058fa5bd5973b071a07808f75b6542342951c0
-
SHA512
873edeb12bc160def68ec90b357c01a26d63361bee08e2b2c3e1f1fa9fcd59d8f123611e4e99b4724ed212775c224e4c8673a63835e6946df4b5cd2dda467122
-
SSDEEP
24576:ri2Tro2H2HESq2eWJ6MQjySjykt5KHUtkP7IFBLzRA5m9/KTquoo+/iKP:rxTc2H2tFvduyStHeTUaTq
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1