gh0strat | 3bf10e3b78838caa4f0a07bdd37640e754db161236c02c8bbe2dfaca1522eb65 | Triage

Submit
Reports

Overview

overview

Static

static

ba3596a137...83.exe

windows10-1703-x64

Sharing

General

Target

ba3596a1377ff46097b5fcad9d4260a959c12783.zip
Size

760KB
Sample

220914-rd1p3saee3
MD5

18df88357e2828b10760e9f4706defb8
SHA1

c595527dfe6cdb1dc9bab0c353db579d22b28f16
SHA256

3bf10e3b78838caa4f0a07bdd37640e754db161236c02c8bbe2dfaca1522eb65
SHA512

2ccf4ba9ed540a1e2a5229570f28f9ec30c0cc63a6d3a31f28c83c27a7c8c3ce192f61d773720321d1cc7c05d56ef9326dbbe0552300219e116ceca6876ffffd
SSDEEP

12288:XPnfb+VTZP2Drivfy69S4GIQRIvm90Y77ushtZB87QTxtyU5SgbPMxOCh5ebEwT+:Xq+Z6sTInuusr88TxtzbPWkIw2r7P

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ba3596a1377ff46097b5fcad9d4260a959c12783.exe

Resource

win10-20220812-en

gh0strat purplefox persistence rat rootkit trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ba3596a1377ff46097b5fcad9d4260a959c12783.rl
- Size
  
  1.3MB
- MD5
  
  02ce7de78a1ed43bea8c9cc7bccae679
- SHA1
  
  ba3596a1377ff46097b5fcad9d4260a959c12783
- SHA256
  
  69abe8168b7a224592c480680a0b150cbf74141a5c74995d1edc33f8ff7314d5
- SHA512
  
  d38954a6dcbde2e7c63f106121b50947e457215827e6f332091483aa36a770c09483402a591ed3f3ada4dbfd996276d4ece9d5d9312ea285c460c1036db0296c
- SSDEEP
  
  24576:s09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+yckA:s09XJt4HIN2H2tFvduySrr
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxpersistenceratrootkittrojanupx

© 2018-2024

Terms | Privacy