Overview

overview

10

Static

static

1

5a1da40e6f...49.exe

windows7-x64

10

5a1da40e6f...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a1da40e6fa1b53c3f0b4f14c5e14d14dcdbd8f15dca652a090e5c5fc0b54f49

  • Size

    3.6MB

  • Sample

    230328-jz4pvshg53

  • MD5

    35ea1c048a22ad043a34822f3dca4b7c

  • SHA1

    91a2e3e49fdb7cd39602b4fa77c3f41e7804e333

  • SHA256

    5a1da40e6fa1b53c3f0b4f14c5e14d14dcdbd8f15dca652a090e5c5fc0b54f49

  • SHA512

    dd240d13e6960448642f5fd76c516852c7d1a5473203fa7e5dedafeb5a21158a996c91ce9c0abfc461d740188aac7eabeb713d9f747e699e43c52ba7f8aead3b

  • SSDEEP

    98304:4LNg+h8U3yR7/zAlMlZs7R0yPpI1KEuTw5wEOp:4LNPaLRDzblZsN0yxTU+vp

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Targets

    • Target

      5a1da40e6fa1b53c3f0b4f14c5e14d14dcdbd8f15dca652a090e5c5fc0b54f49

    • Size

      3.6MB

    • MD5

      35ea1c048a22ad043a34822f3dca4b7c

    • SHA1

      91a2e3e49fdb7cd39602b4fa77c3f41e7804e333

    • SHA256

      5a1da40e6fa1b53c3f0b4f14c5e14d14dcdbd8f15dca652a090e5c5fc0b54f49

    • SHA512

      dd240d13e6960448642f5fd76c516852c7d1a5473203fa7e5dedafeb5a21158a996c91ce9c0abfc461d740188aac7eabeb713d9f747e699e43c52ba7f8aead3b

    • SSDEEP

      98304:4LNg+h8U3yR7/zAlMlZs7R0yPpI1KEuTw5wEOp:4LNPaLRDzblZsN0yxTU+vp

    Score
    10/10
    gh0stratpurplefoxratrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks