gh0strat | 36fadbc7a0058168dc9f341447cd8e32021bbe49d88ee23a3486d8dc7b58b863 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

29.0MB
Sample

230328-n1bspacd9x
MD5

0eced94273a76722b8867efad60b9c4c
SHA1

c11788a3d35d6ed77d696fbdde22ad5c3bf86e3b
SHA256

36fadbc7a0058168dc9f341447cd8e32021bbe49d88ee23a3486d8dc7b58b863
SHA512

caa256c921d4c67ed8ebc308619b83003a63e45fc592285323fbfc4541c0b9a26e8f156e8d990bbb5a35e44ce7b69aa1fd6c31f8ca299ef5065c800128cd4237
SSDEEP

786432:leyuVrGdvL3GL5D5cozOBtphqBMyws8Kk6FtiaUKFyP2S:g7YzO5D55qrOus8Kk6F0aUH2S

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

gh0strat purplefox rat rootkit trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

103.127.83.61

Targets

- Target
  
  tmp
- Size
  
  29.0MB
- MD5
  
  0eced94273a76722b8867efad60b9c4c
- SHA1
  
  c11788a3d35d6ed77d696fbdde22ad5c3bf86e3b
- SHA256
  
  36fadbc7a0058168dc9f341447cd8e32021bbe49d88ee23a3486d8dc7b58b863
- SHA512
  
  caa256c921d4c67ed8ebc308619b83003a63e45fc592285323fbfc4541c0b9a26e8f156e8d990bbb5a35e44ce7b69aa1fd6c31f8ca299ef5065c800128cd4237
- SSDEEP
  
  786432:leyuVrGdvL3GL5D5cozOBtphqBMyws8Kk6FtiaUKFyP2S:g7YzO5D55qrOus8Kk6F0aUH2S
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy