General

  • Target: 4e90491d7bfcb50079a2fc9795b8ae9c4bd9ee5b26913b075ea248f953c6b910.zip
  • Size: 610KB
  • Sample: 230321-rytr9sdc4t
  • MD5: d8bd093acbff37a60b0dd0aaa8e5dee9
  • SHA1: 9b051da2ce49bce4302a63123017bdf4306c3962
  • SHA256: 894a47999d53a3c1e714b285408d5e56952e86fe330f96870983dd0c0f6d601e
  • SHA512: 56d3075cc1aaadbd9dbb5581df57ecaeef2afc42e1287dda64100e266ca223ef7d48b0458947c98a6527c583f880ce9bb52419d849b9b35bf967fc8fae2a14e9
  • SSDEEP: 12288:AsdqRyCqdqsmgosrPpQS7Mv2MAidv0Dhlf8ZOdz6dHrbU:AuqRyrPpHIvrutlfMdHHU

Malware Config

Extracted

  • Family: gh0strat
  • C2: 121.127.249.135

Targets

    • Target: 4e90491d7bfcb50079a2fc9795b8ae9c4bd9ee5b26913b075ea248f953c6b910.exe
    • Size: 621KB
    • MD5: ac9cc7a0d1a9e1cfde6591605f42a8d3
    • SHA1: db8c865ce6b12867e3269c867104f0daffce0a38
    • SHA256: 4e90491d7bfcb50079a2fc9795b8ae9c4bd9ee5b26913b075ea248f953c6b910
    • SHA512: fe3536c5da00e362c4e09871f4b3d1bf832b43ae62e71bd95885a2b4870dcaa6219655c0d460af34734ba6a27ba622913c34e550505a35311dab6a1c8b8bdbd3
    • SSDEEP: 12288:g2DDEEuqctaY5effnWQ7x7dJsPMR1F4fWDNo5F/oJBprSqYeJGDu12T6b:g2DoTqctaY5effnW8RDsXOvvY01bb

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

MITRE ATT&CK Matrix

Tasks