gh0strat | e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05 | Triage

Submit
Reports

Overview

overview

Static

static

1

e49469e7ea...05.exe

windows7-x64

e49469e7ea...05.exe

windows10-2004-x64

Sharing

General

Target

e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
Size

4.6MB
Sample

230330-c475hscd2t
MD5

096ccc345415b89352ded241afc64e2b
SHA1

ef66e15f03195b3fd58308a97ba4380b4e3587da
SHA256

e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
SHA512

5c68a1989d3866cc97f1b3d9a9e68f25b41a6f857f4b3b0f8388983a3b858be476d66903a4fcd2dc3960ef486888c999288a302ac50bb4d7c8ee116414b28477
SSDEEP

98304:4xG6Ww1+meGUOowomFbZy8VctmCmavSB6lcR4z+oStmawATRU:4JcrGUOow1k8CpO6lc6K3cYT

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05.exe

Resource

win7-20230220-en

gh0strat purplefox rat rootkit trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05.exe

Resource

win10v2004-20230220-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
- Size
  
  4.6MB
- MD5
  
  096ccc345415b89352ded241afc64e2b
- SHA1
  
  ef66e15f03195b3fd58308a97ba4380b4e3587da
- SHA256
  
  e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
- SHA512
  
  5c68a1989d3866cc97f1b3d9a9e68f25b41a6f857f4b3b0f8388983a3b858be476d66903a4fcd2dc3960ef486888c999288a302ac50bb4d7c8ee116414b28477
- SSDEEP
  
  98304:4xG6Ww1+meGUOowomFbZy8VctmCmavSB6lcR4z+oStmawATRU:4JcrGUOow1k8CpO6lc6K3cYT
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy