Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

yohuab.exe
Size

1MB
Sample

221231-jxvn6scf2z
MD5

db8a8e8b37240e9b989d8331afa38df9
SHA1

1ddd9e5ca937a9daa474997025778e4676f94a2b
SHA256

e4ae6708cd1d74b95175a022d6efcb86fe1fe058f5b611f8a8dec0fc56ec0271
SHA512

fafba2f9c3e55ab8ab29acf5c7bb87bb54d6d40a87b815a7fbbe60609da2ccdf6f91279a36b28987047450a3fa39413166a7ac4f3ca1774770af617e4e6d4813
SSDEEP

12288:l762TWGnujqU0z0gIlGYTbRliQHaUVPgCwUyzcdqPtoDC5n0I:l762mqtzlIlRZ6UNgC70P+Dm0I

Score

10^/10

gh0strat purplefox rat rootkit trojan

Malware Config

Targets

- Target
  
  yohuab.exe
- Size
  
  1MB
- MD5
  
  db8a8e8b37240e9b989d8331afa38df9
- SHA1
  
  1ddd9e5ca937a9daa474997025778e4676f94a2b
- SHA256
  
  e4ae6708cd1d74b95175a022d6efcb86fe1fe058f5b611f8a8dec0fc56ec0271
- SHA512
  
  fafba2f9c3e55ab8ab29acf5c7bb87bb54d6d40a87b815a7fbbe60609da2ccdf6f91279a36b28987047450a3fa39413166a7ac4f3ca1774770af617e4e6d4813
- SSDEEP
  
  12288:l762TWGnujqU0z0gIlGYTbRliQHaUVPgCwUyzcdqPtoDC5n0I:l762mqtzlIlRZ6UNgC70P+Dm0I
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan