Analysis
max time kernel: 141s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-04-2023 05:00
Static task: static1
General
Target: d8f5ab16727edf68166c9f7973dcf87d3a563fefcb013154ccbd81367677a2cd.exe
Size: 621KB
MD5: ba82f3818c68b163d9e4ad26aff88911
SHA1: 2485278549c7f229b5ee78531a6fa8b951fa3da6
SHA256: d8f5ab16727edf68166c9f7973dcf87d3a563fefcb013154ccbd81367677a2cd
SHA512: 03ca508d58dab7006e2efaef85d5c3fdcb020283e43d49e659ac9123221ceb78c10f0e764b5ac9aaa6ffd0054265b8314f45a9ce176096b2930489a864e64c4c
SSDEEP: 12288:HUDDEEuqctaY5effnWQ7x7dJsPMR1F4fWDNo5F/oJBprSqYeJGDK12pl:HUDoTqctaY5effnW8RDsXOvvYU1cl
Malware Config
Extracted
Family: gh0strat
C2: 103.42.31.22
Signatures
Processes:
resource | yara_rule
behavioral1/memory/1668-135-0x0000000010000000-0x0000000010192000-memory.dmp | purplefox_rootkit
behavioral1/memory/1668-141-0x0000000000400000-0x000000000060E000-memory.dmp | purplefox_rootkit
behavioral1/memory/1668-144-0x0000000000400000-0x000000000060E000-memory.dmp | purplefox_rootkit
Gh0st RAT payload 3 IoCs
Processes:
resource | yara_rule
behavioral1/memory/1668-135-0x0000000010000000-0x0000000010192000-memory.dmp | family_gh0strat
behavioral1/memory/1668-141-0x0000000000400000-0x000000000060E000-memory.dmp | family_gh0strat
behavioral1/memory/1668-144-0x0000000000400000-0x000000000060E000-memory.dmp | family_gh0strat
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1668-134-0x0000000000400000-0x000000000060E000-memory.dmp (Filesize: 2.1MB)
memory/1668-133-0x0000000000400000-0x000000000060E000-memory.dmp (Filesize: 2.1MB)
memory/1668-135-0x0000000010000000-0x0000000010192000-memory.dmp (Filesize: 1.6MB)
memory/1668-141-0x0000000000400000-0x000000000060E000-memory.dmp (Filesize: 2.1MB)
memory/1668-142-0x0000000002380000-0x000000000238E000-memory.dmp (Filesize: 56KB)
memory/1668-144-0x0000000000400000-0x000000000060E000-memory.dmp (Filesize: 2.1MB)
memory/1668-145-0x0000000002380000-0x000000000238E000-memory.dmp (Filesize: 56KB)