Overview

overview

10

Static

static

3

6c3e03f52f...05.exe

windows7-x64

10

6c3e03f52f...05.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6c3e03f52f5d51358eeecf2a477fbbf68d28737bed5bf24a28169b80f66c6305

  • Size

    2.3MB

  • Sample

    230829-b8fqdscc61

  • MD5

    be2f55bf44ecf84cdd8cb5161344d3ab

  • SHA1

    ceaec53d185ba65c5952313ba9134a47935367e4

  • SHA256

    6c3e03f52f5d51358eeecf2a477fbbf68d28737bed5bf24a28169b80f66c6305

  • SHA512

    ae05d14d1a50ffc2b527cb69d47d7f1926272265b12a5dac8bc44562045af80afe3aaf2bba6dd3b838d2a6b89bf177f92852f798796296bfddbaf9b2c6fefbc6

  • SSDEEP

    24576:iOew/O1yKYcQXYhpQAvdjeTAbwW/tCTEWChPGK77DgfZ6iMaWLxfAAXhDOrxs9H3:LWAYJjeTIqToZ7XiMTirQHxV

Score
10/10
gh0stratpurplefoxpersistenceratrootkittrojan

Malware Config

Targets

    • Target

      6c3e03f52f5d51358eeecf2a477fbbf68d28737bed5bf24a28169b80f66c6305

    • Size

      2.3MB

    • MD5

      be2f55bf44ecf84cdd8cb5161344d3ab

    • SHA1

      ceaec53d185ba65c5952313ba9134a47935367e4

    • SHA256

      6c3e03f52f5d51358eeecf2a477fbbf68d28737bed5bf24a28169b80f66c6305

    • SHA512

      ae05d14d1a50ffc2b527cb69d47d7f1926272265b12a5dac8bc44562045af80afe3aaf2bba6dd3b838d2a6b89bf177f92852f798796296bfddbaf9b2c6fefbc6

    • SSDEEP

      24576:iOew/O1yKYcQXYhpQAvdjeTAbwW/tCTEWChPGK77DgfZ6iMaWLxfAAXhDOrxs9H3:LWAYJjeTIqToZ7XiMTirQHxV

    Score
    10/10
    gh0stratpurplefoxpersistenceratrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks