gh0strat | 06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d | Triage

Submit
Reports

Overview

overview

Static

static

06827f4cf4...2d.exe

windows7-x64

06827f4cf4...2d.exe

windows10-2004-x64

Sharing

General

Target

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
Size

2.7MB
Sample

221116-p8a2sseh4x
MD5

7ee32b6fb58bd217fd7eb3e2eb6563d6
SHA1

eb3a342533f53990e5219af18008c7e929409078
SHA256

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
SHA512

7cc5229d974d45f19c85f485874715deaf30c13bc56fbd0b5e677dd081a84e6aea898d6cba638653b1471aefcbbf8bb763db8b1760fef740f0a38f9e882d890a
SSDEEP

24576:Vgd0Wtx182WgHN8kSszVSlMHcTDBMGr9chBMBzBBLa+r:VIvWgGkSMbHcTDhVzBBLa+r

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d.exe

Resource

win7-20221111-en

gh0strat purplefox rat rootkit trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d.exe

Resource

win10v2004-20221111-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
- Size
  
  2.7MB
- MD5
  
  7ee32b6fb58bd217fd7eb3e2eb6563d6
- SHA1
  
  eb3a342533f53990e5219af18008c7e929409078
- SHA256
  
  06827f4cf4770fdcd4d8550f642d6b5f1de4887102ea5bf0c1a9cade86fdd72d
- SHA512
  
  7cc5229d974d45f19c85f485874715deaf30c13bc56fbd0b5e677dd081a84e6aea898d6cba638653b1471aefcbbf8bb763db8b1760fef740f0a38f9e882d890a
- SSDEEP
  
  24576:Vgd0Wtx182WgHN8kSszVSlMHcTDBMGr9chBMBzBBLa+r:VIvWgGkSMbHcTDhVzBBLa+r
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy