General
-
Target
28bf1355f0c3cdaee8cc67a3ceff4c81fb79d0be2470ad2b0a6c6a833e8dbf4e
-
Size
1.3MB
-
Sample
250203-hhwggsvrbk
-
MD5
67c0befb496bddee9e9490968476312b
-
SHA1
11ef39fef9ed828ada619a87f4779ca637df9c5c
-
SHA256
28bf1355f0c3cdaee8cc67a3ceff4c81fb79d0be2470ad2b0a6c6a833e8dbf4e
-
SHA512
c64357f805e4f27ea5dafe3dadffaf515ee3d5134d773c5bf904686c9f5f412ce3212d8c71cd0e8e39d05560e154d4059f5ceb978906a45fc3e568b1b04210f4
-
SSDEEP
24576:9OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNXFyzhyz:wHPkVOBTK
Malware Config
Targets
-
-
Target
28bf1355f0c3cdaee8cc67a3ceff4c81fb79d0be2470ad2b0a6c6a833e8dbf4e
-
Size
1.3MB
-
MD5
67c0befb496bddee9e9490968476312b
-
SHA1
11ef39fef9ed828ada619a87f4779ca637df9c5c
-
SHA256
28bf1355f0c3cdaee8cc67a3ceff4c81fb79d0be2470ad2b0a6c6a833e8dbf4e
-
SHA512
c64357f805e4f27ea5dafe3dadffaf515ee3d5134d773c5bf904686c9f5f412ce3212d8c71cd0e8e39d05560e154d4059f5ceb978906a45fc3e568b1b04210f4
-
SSDEEP
24576:9OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNXFyzhyz:wHPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1