gh0strat

General

Target

0151b1c12911d3d4b2f1c1058c49f4dc2818f40566c8148e9776ad46ea27e9bb.exe
Size

6.6MB
Sample

230405-m4m5fsdc69
MD5

747de1c0fa9ca157906465b453694cc2
SHA1

ae2d5038e9529c5e9b1cc436e5fab5499cde5b22
SHA256

0151b1c12911d3d4b2f1c1058c49f4dc2818f40566c8148e9776ad46ea27e9bb
SHA512

d999d3bd11b6c1da597bdc08678ca904b91b911f4487d7281ec131966069d1f40f8190c78f0e81582b6aca5502ea27a00ed174bd94b989f056276b4fbfe902cb
SSDEEP

98304:vws2ANnKXOaeOgmhCeeAqgZqm9uALfprsQOQf7UOR:ZKXbeO7s8uAdv

Score

10^/10

Malware Config

Targets

- Target
  
  0151b1c12911d3d4b2f1c1058c49f4dc2818f40566c8148e9776ad46ea27e9bb.exe
- Size
  
  6.6MB
- MD5
  
  747de1c0fa9ca157906465b453694cc2
- SHA1
  
  ae2d5038e9529c5e9b1cc436e5fab5499cde5b22
- SHA256
  
  0151b1c12911d3d4b2f1c1058c49f4dc2818f40566c8148e9776ad46ea27e9bb
- SHA512
  
  d999d3bd11b6c1da597bdc08678ca904b91b911f4487d7281ec131966069d1f40f8190c78f0e81582b6aca5502ea27a00ed174bd94b989f056276b4fbfe902cb
- SSDEEP
  
  98304:vws2ANnKXOaeOgmhCeeAqgZqm9uALfprsQOQf7UOR:ZKXbeO7s8uAdv
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect PurpleFox Rootkit

Gh0st RAT payload

PurpleFox

Drops file in Drivers directory

Sets DLL path for service in the registry

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2