gh0strat | 61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85 | Triage

Submit
Reports

Overview

overview

Static

static

61c2dd595a...85.exe

windows7-x64

61c2dd595a...85.exe

windows10-2004-x64

Sharing

General

Target

61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85
Size

2.3MB
Sample

221227-e46b2ahd81
MD5

5630cbc8bab9ae8c880016900504284a
SHA1

ad94ae9fbf49ac02793078030097632349eebfa8
SHA256

61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85
SHA512

3afbc54695dd186c39d28189450acfddd1ac80bf51e2e58a4e88dc6c294dea1bfa483edc4c21d60bf08f04ad7ad4df11b09be856d34389b227bd3a9e5c15bb52
SSDEEP

49152:NvyXDbhPJiugp5H3fMOMdw9bjkxiIiFYh/oc51IXa+UI5moW:NvuVQFp5PMOzQyFYh/ZnIhv5mo

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85.exe

Resource

win7-20221111-en

gh0strat purplefox rat rootkit trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85.exe

Resource

win10v2004-20221111-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85
- Size
  
  2.3MB
- MD5
  
  5630cbc8bab9ae8c880016900504284a
- SHA1
  
  ad94ae9fbf49ac02793078030097632349eebfa8
- SHA256
  
  61c2dd595a4b99156cb45d62dda03eedd80e4fb4cb5ed2537fe14e72485c0c85
- SHA512
  
  3afbc54695dd186c39d28189450acfddd1ac80bf51e2e58a4e88dc6c294dea1bfa483edc4c21d60bf08f04ad7ad4df11b09be856d34389b227bd3a9e5c15bb52
- SSDEEP
  
  49152:NvyXDbhPJiugp5H3fMOMdw9bjkxiIiFYh/oc51IXa+UI5moW:NvuVQFp5PMOzQyFYh/ZnIhv5mo
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy