General
-
Target
fd2633f8c51882ebb3c2b646163a5aced0d0912f5978e7b67bf2e5f24463215b.exe
-
Size
3.8MB
-
Sample
250225-gt3jha1p16
-
MD5
28799bb6b9b12c798a28a50f088b0535
-
SHA1
f20baa97db350d71ca410ecf0bfab9a5b77cb83d
-
SHA256
fd2633f8c51882ebb3c2b646163a5aced0d0912f5978e7b67bf2e5f24463215b
-
SHA512
1c7f0d3af013f132133d9ed1f98ffcfee119e35e52a6359c3396318b5605aac74fb7da0db829b328de0dd03b17f88b558f0c0a9a2105613c84f0d49e5df94860
-
SSDEEP
49152:0jwsbCANnKXferL7Vwe/Gg0P+Wh7BDmn2m0vRrTYzSkI+s91:6ws2ANnKXOaeOgmhtDmn2fRrkzSv9
Malware Config
Targets
-
-
Target
fd2633f8c51882ebb3c2b646163a5aced0d0912f5978e7b67bf2e5f24463215b.exe
-
Size
3.8MB
-
MD5
28799bb6b9b12c798a28a50f088b0535
-
SHA1
f20baa97db350d71ca410ecf0bfab9a5b77cb83d
-
SHA256
fd2633f8c51882ebb3c2b646163a5aced0d0912f5978e7b67bf2e5f24463215b
-
SHA512
1c7f0d3af013f132133d9ed1f98ffcfee119e35e52a6359c3396318b5605aac74fb7da0db829b328de0dd03b17f88b558f0c0a9a2105613c84f0d49e5df94860
-
SSDEEP
49152:0jwsbCANnKXferL7Vwe/Gg0P+Wh7BDmn2m0vRrTYzSkI+s91:6ws2ANnKXOaeOgmhtDmn2fRrkzSv9
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1