General
-
Target
bd0a6af0726145d3fb2039758e8078fa0b0a7fb12e29089a3a899f15c7bae0fe
-
Size
491KB
-
Sample
250208-q7e5sszmbn
-
MD5
6d4a9db3e56c1cb426248ae5b8f175ca
-
SHA1
c4ed6b32716d9cadd0fae00781e454452f25989c
-
SHA256
bd0a6af0726145d3fb2039758e8078fa0b0a7fb12e29089a3a899f15c7bae0fe
-
SHA512
c771ef7a281b45cbe09efcb51d9e6407f4a0c52b0dbab5cbb6e3bbd7e994e7203a90651df76c4d988390c1142378287e4135172670980b522a4d1f212932136d
-
SSDEEP
6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2RH6lZv:oDR+u8pfjYMMWNvdhUSByFPzxv
Malware Config
Targets
-
-
Target
bd0a6af0726145d3fb2039758e8078fa0b0a7fb12e29089a3a899f15c7bae0fe
-
Size
491KB
-
MD5
6d4a9db3e56c1cb426248ae5b8f175ca
-
SHA1
c4ed6b32716d9cadd0fae00781e454452f25989c
-
SHA256
bd0a6af0726145d3fb2039758e8078fa0b0a7fb12e29089a3a899f15c7bae0fe
-
SHA512
c771ef7a281b45cbe09efcb51d9e6407f4a0c52b0dbab5cbb6e3bbd7e994e7203a90651df76c4d988390c1142378287e4135172670980b522a4d1f212932136d
-
SSDEEP
6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2RH6lZv:oDR+u8pfjYMMWNvdhUSByFPzxv
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-