gh0strat

General

Target

1f3194c5d2f7de0505f5a5a6d219f217cd5526ef7c9f8cd2d163887176572825.zip
Size

526KB
Sample

230321-rytghabb76
MD5

f9f600d9a0373dc18022b04db7541848
SHA1

5b5c49675e6342aa275cec0fbdfa71def4738ef2
SHA256

bf0b9b913459c77c085c4114e8b50e93d1e0e0bee8b67cbf366e6801d4f72e7e
SHA512

6e3dd2ba3605b29ef3579a7d31356fc13d9a360932b3d420814d772f7b4e6989e988982b0b39a80d297864df5597e7590553c90190334466687ad35b47c94cab
SSDEEP

12288:RU9ivvjbXql+IREmYbCyt5dLMs/zF81GUHQp+scu66Y7f5FlJ:RU9iXSlTUdtzVF81GwslolJ

Score

10^/10

Malware Config

Extracted

Family

gh0strat

C2

103.127.83.61

Targets

- Target
  
  1f3194c5d2f7de0505f5a5a6d219f217cd5526ef7c9f8cd2d163887176572825.exe
- Size
  
  529KB
- MD5
  
  bc6f4c15c378f362aaf7d37644735eae
- SHA1
  
  d63eaf76bf47627c5c3d4937b6abe5929045f627
- SHA256
  
  1f3194c5d2f7de0505f5a5a6d219f217cd5526ef7c9f8cd2d163887176572825
- SHA512
  
  3440ae32dda4df300fc2ee7053e9b5ca11c59e1e89a20d5d7326a46c93798de3e596fbee8355479b78de93755a36d155b5e9476bb2bc740aab0a849ea0d45d34
- SSDEEP
  
  12288:AiDDEEuqctaY5effnWQ7x7dJsPMR1F4fWDNo5F/oJBprSqYeJGDQ:AiDoTqctaY5effnW8RDsXOvvY6
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PurpleFox Rootkit

Gh0st RAT payload

PurpleFox

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2