General
-
Target
3d6eaaf8160ff80a84fcc829c30cc466bf1a0b18ee06ca1c6b6b0bf539eaaf59
-
Size
1.7MB
-
Sample
250208-qwk7nsxqas
-
MD5
2165967e76a27cf8db21f5f814eac704
-
SHA1
402e19c5317d3bc4190667b2ca0b241b944be0c6
-
SHA256
3d6eaaf8160ff80a84fcc829c30cc466bf1a0b18ee06ca1c6b6b0bf539eaaf59
-
SHA512
55db3a8a9af0f5aaead57638bacada51618e2740d91401c7f3bb572b5e4e35ea6061fbedf2f87c49fd1b73129b116cb05ada8f49d7115d3329ac84499c3b5c74
-
SSDEEP
24576:ezZJYuUrMDWGz6VtnCryomrT/zs0FW5a9ifi74tffCBVFYc9AyIWT5gJHu3j6TaX:IJpaV8rsP40Ea7uHCBVFPlNT6ssKX
Malware Config
Targets
-
-
Target
3d6eaaf8160ff80a84fcc829c30cc466bf1a0b18ee06ca1c6b6b0bf539eaaf59
-
Size
1.7MB
-
MD5
2165967e76a27cf8db21f5f814eac704
-
SHA1
402e19c5317d3bc4190667b2ca0b241b944be0c6
-
SHA256
3d6eaaf8160ff80a84fcc829c30cc466bf1a0b18ee06ca1c6b6b0bf539eaaf59
-
SHA512
55db3a8a9af0f5aaead57638bacada51618e2740d91401c7f3bb572b5e4e35ea6061fbedf2f87c49fd1b73129b116cb05ada8f49d7115d3329ac84499c3b5c74
-
SSDEEP
24576:ezZJYuUrMDWGz6VtnCryomrT/zs0FW5a9ifi74tffCBVFYc9AyIWT5gJHu3j6TaX:IJpaV8rsP40Ea7uHCBVFPlNT6ssKX
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1