gh0strat

General

Target

78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
Size

56KB
Sample

230507-d6341sbe42
MD5

73c3350704ffe9e275668949095bf71f
SHA1

cdaa1cd836994e9f918588b5a05717834939e3ce
SHA256

78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
SHA512

30122cbca0ae696fa4a786b9db6908cb04697673a39f4dbf2a836a371f65eed9b623857f8a49bf56964faa77831423354b91f40994471264bb4938339477c3f7
SSDEEP

768:Vu9oX4vbafJP+At7QjEEEfEEEEEEEWEEEEEEEnz0SyCs1Vm89TQfLNfK1tRcjrpJ:w9o4GxPZ7zSps1EJZ8cjrNeooZdJUcA

Score

10^/10

Malware Config

Targets

- Target
  
  78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
- Size
  
  56KB
- MD5
  
  73c3350704ffe9e275668949095bf71f
- SHA1
  
  cdaa1cd836994e9f918588b5a05717834939e3ce
- SHA256
  
  78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
- SHA512
  
  30122cbca0ae696fa4a786b9db6908cb04697673a39f4dbf2a836a371f65eed9b623857f8a49bf56964faa77831423354b91f40994471264bb4938339477c3f7
- SSDEEP
  
  768:Vu9oX4vbafJP+At7QjEEEfEEEEEEEWEEEEEEEnz0SyCs1Vm89TQfLNfK1tRcjrpJ:w9o4GxPZ7zSps1EJZ8cjrNeooZdJUcA
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

4

T1082

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect PurpleFox Rootkit

Gh0st RAT payload

PurpleFox

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2