General
-
Target
be95f799ad6467ccd0950995253b43912c16353e52b473fcae821d638d781c86
-
Size
1.5MB
-
Sample
250301-rb8mxatkt2
-
MD5
2d12f3015810dab49e9161cef00b4d0a
-
SHA1
b25b20c0ba212cbd5e07a9f3eef0890ab18f6967
-
SHA256
be95f799ad6467ccd0950995253b43912c16353e52b473fcae821d638d781c86
-
SHA512
c03856ef67a77e856c22fa98dae876d3249e9e3a3a35aa2e8200088c8015665d1c16c2c320c05f37444414de96ee5adbe2ab9caedeb6c78bb251ab09b1a9b6ad
-
SSDEEP
24576:QU5WC5GefgFc8AJNW0SXMcDGgdJ+kk/N/LejXaki8f4QNG4QJ0x/db3rVZKCA:hWC5Ge4XwkBDGg/+L/ijTeR0xFbbfKCA
Malware Config
Targets
-
-
Target
be95f799ad6467ccd0950995253b43912c16353e52b473fcae821d638d781c86
-
Size
1.5MB
-
MD5
2d12f3015810dab49e9161cef00b4d0a
-
SHA1
b25b20c0ba212cbd5e07a9f3eef0890ab18f6967
-
SHA256
be95f799ad6467ccd0950995253b43912c16353e52b473fcae821d638d781c86
-
SHA512
c03856ef67a77e856c22fa98dae876d3249e9e3a3a35aa2e8200088c8015665d1c16c2c320c05f37444414de96ee5adbe2ab9caedeb6c78bb251ab09b1a9b6ad
-
SSDEEP
24576:QU5WC5GefgFc8AJNW0SXMcDGgdJ+kk/N/LejXaki8f4QNG4QJ0x/db3rVZKCA:hWC5Ge4XwkBDGg/+L/ijTeR0xFbbfKCA
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-