Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
Size

2MB
Sample

221116-p8a2sseh4x
MD5

7ee32b6fb58bd217fd7eb3e2eb6563d6
SHA1

eb3a342533f53990e5219af18008c7e929409078
SHA256

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
SHA512

7cc5229d974d45f19c85f485874715deaf30c13bc56fbd0b5e677dd081a84e6aea898d6cba638653b1471aefcbbf8bb763db8b1760fef740f0a38f9e882d890a
SSDEEP

24576:Vgd0Wtx182WgHN8kSszVSlMHcTDBMGr9chBMBzBBLa+r:VIvWgGkSMbHcTDhVzBBLa+r

Score

10^/10

gh0strat purplefox rat rootkit trojan

Malware Config

Targets

- Target
  
  06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
- Size
  
  2MB
- MD5
  
  7ee32b6fb58bd217fd7eb3e2eb6563d6
- SHA1
  
  eb3a342533f53990e5219af18008c7e929409078
- SHA256
  
  06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
- SHA512
  
  7cc5229d974d45f19c85f485874715deaf30c13bc56fbd0b5e677dd081a84e6aea898d6cba638653b1471aefcbbf8bb763db8b1760fef740f0a38f9e882d890a
- SSDEEP
  
  24576:Vgd0Wtx182WgHN8kSszVSlMHcTDBMGr9chBMBzBBLa+r:VIvWgGkSMbHcTDhVzBBLa+r
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan