General
-
Target
257890ed2552fa07acef6118fceb746cc79dd85f0a16c42b76e004758ac0f273
-
Size
1.3MB
-
Sample
240701-e2gwnazarm
-
MD5
0d69b647692da3bd782d0acf83ea4942
-
SHA1
eedb363f39404aef3e836f55db01000a75f5298c
-
SHA256
257890ed2552fa07acef6118fceb746cc79dd85f0a16c42b76e004758ac0f273
-
SHA512
026fe5f2a19e46849f8bc31b5b6b8fe73b90492e932dfeba04ced858f8d11bc8132a34fa5d9cde829417d2d6ec7fc38017330cd2bddace676115876a45e0f0e7
-
SSDEEP
24576:wQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVisaNd:wQZAdVyVT9n/Gg0P+WhoTjd
Malware Config
Targets
-
-
Target
257890ed2552fa07acef6118fceb746cc79dd85f0a16c42b76e004758ac0f273
-
Size
1.3MB
-
MD5
0d69b647692da3bd782d0acf83ea4942
-
SHA1
eedb363f39404aef3e836f55db01000a75f5298c
-
SHA256
257890ed2552fa07acef6118fceb746cc79dd85f0a16c42b76e004758ac0f273
-
SHA512
026fe5f2a19e46849f8bc31b5b6b8fe73b90492e932dfeba04ced858f8d11bc8132a34fa5d9cde829417d2d6ec7fc38017330cd2bddace676115876a45e0f0e7
-
SSDEEP
24576:wQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVisaNd:wQZAdVyVT9n/Gg0P+WhoTjd
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-