Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7
Size

1MB
Sample

230107-y8bg1aef72
MD5

c645d0b4fd2a6cda321f22ca63c0c9e4
SHA1

f399b4c706c0a5d9e9005d26b3059385065bbe58
SHA256

f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7
SHA512

80b1307bcacf85dc96d6bdea0757c008275ac0c5a00654a6a8db447da11c4f25f61f1d54e2045a1b3c06cea5eeaa7e7680c6e30836c3b2cbd8a3e44758c95401
SSDEEP

12288:cU4GKjTbx62TWGnujqU0z0gIlGYTbRliQHaUVPgCwUyzcdqPtoDC5n0I:cU4tjTF62mqtzlIlRZ6UNgC70P+Dm0I

Score

10^/10

gh0strat purplefox rat rootkit trojan

Malware Config

Targets

- Target
  
  f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7
- Size
  
  1MB
- MD5
  
  c645d0b4fd2a6cda321f22ca63c0c9e4
- SHA1
  
  f399b4c706c0a5d9e9005d26b3059385065bbe58
- SHA256
  
  f09501502b530c6110f040db7dab0702c061ebfeb33d882f70462086e2bc6ad7
- SHA512
  
  80b1307bcacf85dc96d6bdea0757c008275ac0c5a00654a6a8db447da11c4f25f61f1d54e2045a1b3c06cea5eeaa7e7680c6e30836c3b2cbd8a3e44758c95401
- SSDEEP
  
  12288:cU4GKjTbx62TWGnujqU0z0gIlGYTbRliQHaUVPgCwUyzcdqPtoDC5n0I:cU4tjTF62mqtzlIlRZ6UNgC70P+Dm0I
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan