gh0strat | 39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131 | Triage

Submit
Reports

Overview

overview

Static

static

1

39c02e6466...31.dll

windows7-x64

39c02e6466...31.dll

windows10-2004-x64

Sharing

General

Target

39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131
Size

2.6MB
Sample

230315-qzlbvafe2s
MD5

344573557b9ed92d639acf191a4538ab
SHA1

c0ee613f353b1c0e7eaa343d9aa053bca9a87e5b
SHA256

39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131
SHA512

1696319e3cf92f8548c25442b587571e818f167e4492a08ea4d26e49ae3f54f2461c8e5168696418b510d794d5c8d8cd35f0a3ddb6095793652381e36344f5a7
SSDEEP

24576:8jrINGHhvax4WwOAR++r+1UIMj7GyifH3psEiNfxyyjj5ddddi66Prip11pA:arIN4k4/M+r+1Upj7GyifH3psE/ipTq

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131.dll

Resource

win7-20230220-en

gh0strat purplefox rat rootkit trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131.dll

Resource

win10v2004-20230220-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131
- Size
  
  2.6MB
- MD5
  
  344573557b9ed92d639acf191a4538ab
- SHA1
  
  c0ee613f353b1c0e7eaa343d9aa053bca9a87e5b
- SHA256
  
  39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131
- SHA512
  
  1696319e3cf92f8548c25442b587571e818f167e4492a08ea4d26e49ae3f54f2461c8e5168696418b510d794d5c8d8cd35f0a3ddb6095793652381e36344f5a7
- SSDEEP
  
  24576:8jrINGHhvax4WwOAR++r+1UIMj7GyifH3psEiNfxyyjj5ddddi66Prip11pA:arIN4k4/M+r+1Upj7GyifH3psE/ipTq
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy