gh0strat | f1a0004d18648fa4e83aa95b51cf4c3f14b9de9335222b911cdf7f10534dd52e | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

396KB
Sample

220923-qg73wsggh2
MD5

fd2b5d4d3603c053932eefa363d9dfd9
SHA1

3a98a6897f622e841f9a6e64b35aeef169ccb518
SHA256

f1a0004d18648fa4e83aa95b51cf4c3f14b9de9335222b911cdf7f10534dd52e
SHA512

c1418cd6105596a5ee6c80bd9fd793c0e6d14250c9f3c2db8c38ee83b3434d157baeea03c321b23d5ade1c9a9eec21c618f2e6c5d3bdfd94aed7f88493b35163
SSDEEP

12288:sb5DbPowllDRf9Ib2JONfUcri1RcQP2a5:s9Dbg6lV9C2JOBUIc12a5

Score

10^/10

gh0strat purplefox rat rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

gh0strat purplefox rat rootkit trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

gh0strat purplefox rat rootkit trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  396KB
- MD5
  
  fd2b5d4d3603c053932eefa363d9dfd9
- SHA1
  
  3a98a6897f622e841f9a6e64b35aeef169ccb518
- SHA256
  
  f1a0004d18648fa4e83aa95b51cf4c3f14b9de9335222b911cdf7f10534dd52e
- SHA512
  
  c1418cd6105596a5ee6c80bd9fd793c0e6d14250c9f3c2db8c38ee83b3434d157baeea03c321b23d5ade1c9a9eec21c618f2e6c5d3bdfd94aed7f88493b35163
- SSDEEP
  
  12288:sb5DbPowllDRf9Ib2JONfUcri1RcQP2a5:s9Dbg6lV9C2JOBUIc12a5
Score

10^/10

gh0strat purplefox rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojanupx

behavioral2

gh0stratpurplefoxratrootkittrojanupx

© 2018-2024

Terms | Privacy