gh0strat | f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f | Triage

Submit
Reports

Overview

overview

Static

static

1

f084c4e45f...7f.exe

windows7-x64

7

f084c4e45f...7f.exe

windows10-2004-x64

Sharing

General

Target

f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
Size

1.4MB
Sample

230217-x8nlwsge4v
MD5

61e2f8d8a84260df190cecbba7d8adf9
SHA1

a15a6b98c25a0fc7ac36b151e4d9c9fd3ad0c53e
SHA256

f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
SHA512

b3cb9806890ae2295eb2c76ecc6822eb92bb139fe4abc72332c52f64c79a9b443eaf92efa6ef92a71fde75e97a1ae06842426169c6208ad423ce3c0ccec10611
SSDEEP

24576:wsTjQ4jMaQ5H2xNDsDgzxPd91st8gb4SrQFlmf5xdJNqczGxpLh6g165jBjIc7Ad:wsX0aQJ2x1sDgnktNbNr19DqGMldk97O

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f.exe

Resource

win10v2004-20221111-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
- Size
  
  1.4MB
- MD5
  
  61e2f8d8a84260df190cecbba7d8adf9
- SHA1
  
  a15a6b98c25a0fc7ac36b151e4d9c9fd3ad0c53e
- SHA256
  
  f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
- SHA512
  
  b3cb9806890ae2295eb2c76ecc6822eb92bb139fe4abc72332c52f64c79a9b443eaf92efa6ef92a71fde75e97a1ae06842426169c6208ad423ce3c0ccec10611
- SSDEEP
  
  24576:wsTjQ4jMaQ5H2xNDsDgzxPd91st8gb4SrQFlmf5xdJNqczGxpLh6g165jBjIc7Ad:wsX0aQJ2x1sDgnktNbNr19DqGMldk97O
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy