gh0strat | 422c3df285fbd86303eb0448583550d7584a330095c60ada442cb1beb97cf670 | Triage

Submit
Reports

Overview

overview

Static

static

PPPPPPPPPPPPPPP.exe

windows7-x64

PPPPPPPPPPPPPPP.exe

windows10-2004-x64

Sharing

General

Target

PPPPPPPPPPPPPPP
Size

60KB
Sample

221101-an6kmsfdgl
MD5

94406fab156e3ed962899d6a473683c5
SHA1

08ef787ee7264e87abdb1933102ae94a8056a587
SHA256

422c3df285fbd86303eb0448583550d7584a330095c60ada442cb1beb97cf670
SHA512

c5ae7834d4722e7ca702258203f718a00403d76455cfe5e75743f116a4bd0c37ec33dcf89c6f779e8247519ae65e12523fe6bc7aede28a360fbf4687e1b2bba2
SSDEEP

768:DlH3iOcmCQkUF7Q3n8Q37RGC5fBPcKX0hT6tUTNtg3333rIX72s2H3eI2:DlHyOcmCD27c8oN5JPcQQhg3333rdX9

Score

10^/10

gh0strat purplefox evasion rat rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

PPPPPPPPPPPPPPP.exe

Resource

win7-20220812-en

gh0strat purplefox evasion rat rootkit trojan upx

windows7-x64

23 signatures

300 seconds

Behavioral task

behavioral2

Sample

PPPPPPPPPPPPPPP.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

300 seconds

Malware Config

Targets

- Target
  
  PPPPPPPPPPPPPPP
- Size
  
  60KB
- MD5
  
  94406fab156e3ed962899d6a473683c5
- SHA1
  
  08ef787ee7264e87abdb1933102ae94a8056a587
- SHA256
  
  422c3df285fbd86303eb0448583550d7584a330095c60ada442cb1beb97cf670
- SHA512
  
  c5ae7834d4722e7ca702258203f718a00403d76455cfe5e75743f116a4bd0c37ec33dcf89c6f779e8247519ae65e12523fe6bc7aede28a360fbf4687e1b2bba2
- SSDEEP
  
  768:DlH3iOcmCQkUF7Q3n8Q37RGC5fBPcKX0hT6tUTNtg3333rIX72s2H3eI2:DlHyOcmCD27c8oN5JPcQQhg3333rdX9
Score

10^/10

gh0strat purplefox evasion rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxevasionratrootkittrojanupx

behavioral2

© 2018-2024

Terms | Privacy