gh0strat | 65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7 | Triage

Submit
Reports

Overview

overview

Static

static

65814bb9a7...c7.exe

windows7-x64

65814bb9a7...c7.exe

windows10-2004-x64

Sharing

General

Target

65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7
Size

1.5MB
Sample

220921-gh8ldafdc3
MD5

b2ff166474c866182a8021c80a738003
SHA1

3fa58f813fa60e1c33957ad0ac222f8c4944388b
SHA256

65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7
SHA512

0e72d3a2305acd78c628a7152198273a18c9ac1c91d7e4b16f3f650258668dba87425f8fc711c70a0ac9c95e2ec47594aec7680dbc49f35a338c977662dee4c5
SSDEEP

24576:DJaKB/+bh75hSaByQ4D1Tt2q+S5YeZOjgIJn8/9Jd6VufkrIlzuChEot:cKBWJ58ll4sYeojwlkMzEo

Score

10^/10

gh0strat purplefox rat rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7.exe

Resource

win7-20220812-en

gh0strat purplefox rat rootkit trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7.exe

Resource

win10v2004-20220812-en

gh0strat purplefox rat rootkit trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7
- Size
  
  1.5MB
- MD5
  
  b2ff166474c866182a8021c80a738003
- SHA1
  
  3fa58f813fa60e1c33957ad0ac222f8c4944388b
- SHA256
  
  65814bb9a7587d67592175aef1bab54877864389126238cfe8569e68d1bd9ac7
- SHA512
  
  0e72d3a2305acd78c628a7152198273a18c9ac1c91d7e4b16f3f650258668dba87425f8fc711c70a0ac9c95e2ec47594aec7680dbc49f35a338c977662dee4c5
- SSDEEP
  
  24576:DJaKB/+bh75hSaByQ4D1Tt2q+S5YeZOjgIJn8/9Jd6VufkrIlzuChEot:cKBWJ58ll4sYeojwlkMzEo
Score

10^/10

gh0strat purplefox rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojanupx

behavioral2

gh0stratpurplefoxratrootkittrojanupx

© 2018-2024

Terms | Privacy