General
-
Target
5d2b7d99b0af0087e03ee7f32c2f18f26baaec17f6c75a2229faf38049b5b91d
-
Size
1.4MB
-
Sample
250216-hzl95syke1
-
MD5
18f1183ff924ac341c82da5ff9356699
-
SHA1
65ccc12a76b18942b14fd14ad92419f4d4ffec47
-
SHA256
5d2b7d99b0af0087e03ee7f32c2f18f26baaec17f6c75a2229faf38049b5b91d
-
SHA512
c94d680da6a5b723760df459201e9dc0d7ac4064bacc08a654c7a87e8b5c70372093c595fafc14c21b71c5dd48239cb6ff55cde526ec4b8524a40362ec72cb70
-
SSDEEP
24576:F39WaOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:598HPkVOBTK
Malware Config
Targets
-
-
Target
5d2b7d99b0af0087e03ee7f32c2f18f26baaec17f6c75a2229faf38049b5b91d
-
Size
1.4MB
-
MD5
18f1183ff924ac341c82da5ff9356699
-
SHA1
65ccc12a76b18942b14fd14ad92419f4d4ffec47
-
SHA256
5d2b7d99b0af0087e03ee7f32c2f18f26baaec17f6c75a2229faf38049b5b91d
-
SHA512
c94d680da6a5b723760df459201e9dc0d7ac4064bacc08a654c7a87e8b5c70372093c595fafc14c21b71c5dd48239cb6ff55cde526ec4b8524a40362ec72cb70
-
SSDEEP
24576:F39WaOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:598HPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-