gh0strat | 7ee5450afa7aae8af9ed319028de5a080dc554ee52b9eabf14117c61850b89b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

maochilaoshu.exe

windows10-2004-x64

Resubmissions

20-06-2023 15:51

230620-tarzwaeb41 10

20-06-2023 15:47

230620-s8kssaeb31 10

Sharing

General

Target

maochilaoshu.zip
Size

1.4MB
Sample

230620-tarzwaeb41
MD5

1e91c9334d07c15c2d724311f97d962f
SHA1

f8089a0b6472d13b9ad54225f9c251d7fc185833
SHA256

7ee5450afa7aae8af9ed319028de5a080dc554ee52b9eabf14117c61850b89b6
SHA512

38164610e39907aff642bbadf116a77ef8fee683dc8e4167643f76f70f9ffb719877f44e85beb4c77f8273ec36914dde1c7af54f77665df514fd4a4836324934
SSDEEP

24576:tKtwMFzsKE6q7/sTmojLboPzOu1l3AS/34/jYrBk0E+xgBT6MgjfAJ9MR81w4IJL:0+Mk6liojnoPzltd/eYrBr5ggjfApIwE

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

maochilaoshu.exe

Resource

win10v2004-20230220-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  maochilaoshu.exe
- Size
  
  2.9MB
- MD5
  
  0772c75ff821f29e479ddc1da9a87740
- SHA1
  
  a06b6ed12126982f590893526ae6e3eec56ee4fc
- SHA256
  
  97c0b79f8421a1b0c3ef8129564ecf8b6ef037bdd432c8e856fd84e5d207edf4
- SHA512
  
  f0c40bb177c6ec4879840410fd0510bdf3c5d3e6a0de8d8f4ca98c23d0557f41f3e557184637ee9b29821b24927d5cea2951b118c84f5164a65ed3a580631286
- SSDEEP
  
  49152:WVbFeZNzXNBukNbW1Z6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcQ:ubONzdBPKg3Yz5J/693kb
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

© 2018-2024

Terms | Privacy