General

  • Target

    7d147fa016e7218fcf60c76d2688a100e83fbb580f3c954d55e08d2c7b0b5a14.zip

  • Size

    610KB

  • Sample

    230321-ryt32abb79

  • MD5

    be3d34f29806119c60dc8ea6d9f28857

  • SHA1

    73244d8ff8204b38632de75a445f18c08d68a726

  • SHA256

    f6be7ba60af1c6d6ff9e08eeff04b216c3d6e2a6f1bea13fd03721615f72b389

  • SHA512

    388cf546056b6cb906f21c98c3d2635b5910ba6faec7020800459e888d0f1d167a3f0d79fa2d5d320d3ed21c2bbabf6826047edbcdbbe4e594d715eb31b5cc2e

  • SSDEEP

    12288:+pFfeJysJkqXoKmwz1L0I9mEAEYBiibJUqP4iexXRNUg5EgW0:2ukqzhzx0I9x8bqqP4iEXRNUget0

Malware Config

Extracted

  • Family

    gh0strat

  • C2

    121.127.249.135

Targets

    • Target

      7d147fa016e7218fcf60c76d2688a100e83fbb580f3c954d55e08d2c7b0b5a14.exe

    • Size

      621KB

    • MD5

      889a73d55a0c4cd0bb02ff23a9d42332

    • SHA1

      1ec554975797c91ab6d32b785623659555934d99

    • SHA256

      7d147fa016e7218fcf60c76d2688a100e83fbb580f3c954d55e08d2c7b0b5a14

    • SHA512

      43b6ebeee59950c69ed0e2ca4b6924cf8d7efb61e5a91cfcaa5a74c75bdd56743503de50522c11f866563177eff0e5b8772ccb81e35f79ce09a5b16d40eb1648

    • SSDEEP

      12288:rLDDEEuqctaY5effnWQ7x7dJsPMR1F4fWDNo5F/oJBprSqYeJGD212mF:rLDoTqctaY5effnW8RDsXOvvYM1v

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

MITRE ATT&CK Matrix

Tasks