General
-
Target
738c9b02a99069619317466392e8b7a07c617c0b6a3e1ee89f410156d71ff59b
-
Size
491KB
-
Sample
250208-n7v5xatmby
-
MD5
fd116ee7e4c7a593392090734c43602f
-
SHA1
62c3c60d70b615d23af5323ca440ea0bd0e49007
-
SHA256
738c9b02a99069619317466392e8b7a07c617c0b6a3e1ee89f410156d71ff59b
-
SHA512
d9d2e40351ed4f8b320307c47c201a8058f67fc712d2c58aab2b81f1bdfe03012f10bafd3e0b7999e76589461fc274cbfea31fa6782ceb3acf4fec9797a7fe5d
-
SSDEEP
6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2R/6lZv:oDR+u8pfjYMMWNvdhUSByFPzFv
Malware Config
Targets
-
-
Target
738c9b02a99069619317466392e8b7a07c617c0b6a3e1ee89f410156d71ff59b
-
Size
491KB
-
MD5
fd116ee7e4c7a593392090734c43602f
-
SHA1
62c3c60d70b615d23af5323ca440ea0bd0e49007
-
SHA256
738c9b02a99069619317466392e8b7a07c617c0b6a3e1ee89f410156d71ff59b
-
SHA512
d9d2e40351ed4f8b320307c47c201a8058f67fc712d2c58aab2b81f1bdfe03012f10bafd3e0b7999e76589461fc274cbfea31fa6782ceb3acf4fec9797a7fe5d
-
SSDEEP
6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2R/6lZv:oDR+u8pfjYMMWNvdhUSByFPzFv
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-