gh0strat | f67a41e2609e49ffcd1922c9a892c44c3e9af7c68539c1c3ee6b6fdbedc3d437 | Triage

Submit
Reports

Overview

overview

Static

static

123.exe

windows7-x64

123.exe

windows10-2004-x64

Sharing

General

Target

123.exe
Size

1.3MB
Sample

220801-vp9nxaedd2
MD5

5da8ec7f8cabbbc9ca59b5da5ef84f62
SHA1

c83f88a94ff54d35dd7b2823437c2f9ff5a55e3b
SHA256

f67a41e2609e49ffcd1922c9a892c44c3e9af7c68539c1c3ee6b6fdbedc3d437
SHA512

a241324f31f3c3773243513b55fd553503e12ed510401a8fec0ccaee81a0ccda262181f2367f9bc911b89076022f60584e3f6ac44bdc79d8127dd25fd62092aa

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

123.exe

Resource

win7-20220715-en

gh0strat purplefox persistence rat rootkit trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

123.exe

Resource

win10v2004-20220722-en

gh0strat purplefox persistence rat rootkit trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  123.exe
- Size
  
  1.3MB
- MD5
  
  5da8ec7f8cabbbc9ca59b5da5ef84f62
- SHA1
  
  c83f88a94ff54d35dd7b2823437c2f9ff5a55e3b
- SHA256
  
  f67a41e2609e49ffcd1922c9a892c44c3e9af7c68539c1c3ee6b6fdbedc3d437
- SHA512
  
  a241324f31f3c3773243513b55fd553503e12ed510401a8fec0ccaee81a0ccda262181f2367f9bc911b89076022f60584e3f6ac44bdc79d8127dd25fd62092aa
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxpersistenceratrootkittrojanupx

behavioral2

gh0stratpurplefoxpersistenceratrootkittrojanupx

© 2018-2024

Terms | Privacy