General
-
Target
0b46d6b1afb62dbfda6c6a9e0954bd2cd85c9304ea0cd4ac8f6bc8bdf62a96a6
-
Size
1.9MB
-
Sample
250125-wcp96stmgs
-
MD5
50ca790b3ccab38e5a6a62bd25dc26e1
-
SHA1
c86c7393bb8284ef460813c5101a0fe3dea6fc0b
-
SHA256
0b46d6b1afb62dbfda6c6a9e0954bd2cd85c9304ea0cd4ac8f6bc8bdf62a96a6
-
SHA512
7d488e322f9a6cf15291009a52f3f33cca7c8be84343984684d442efc56eb73e9fc5b07477bdeb20a2849dbcb7e66d65566d0073bf1c8e3392844aab1b6f60fa
-
SSDEEP
49152:OM7FkV03GheXZzkMK5I5Je+n8biWeJ1d3+Dd20kKHFF1DqFBTl:OMB5GhepzkMKi51n8bih3+DVX1Dqnl
Malware Config
Targets
-
-
Target
0b46d6b1afb62dbfda6c6a9e0954bd2cd85c9304ea0cd4ac8f6bc8bdf62a96a6
-
Size
1.9MB
-
MD5
50ca790b3ccab38e5a6a62bd25dc26e1
-
SHA1
c86c7393bb8284ef460813c5101a0fe3dea6fc0b
-
SHA256
0b46d6b1afb62dbfda6c6a9e0954bd2cd85c9304ea0cd4ac8f6bc8bdf62a96a6
-
SHA512
7d488e322f9a6cf15291009a52f3f33cca7c8be84343984684d442efc56eb73e9fc5b07477bdeb20a2849dbcb7e66d65566d0073bf1c8e3392844aab1b6f60fa
-
SSDEEP
49152:OM7FkV03GheXZzkMK5I5Je+n8biWeJ1d3+Dd20kKHFF1DqFBTl:OMB5GhepzkMKi51n8bih3+DVX1Dqnl
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1