gh0strat | 28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f | Triage

Submit
Reports

Overview

overview

Static

static

3

28126b43d0...9f.exe

windows7-x64

28126b43d0...9f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f
Size

1.4MB
Sample

231014-q9b6xsfa3t
MD5

c062661f3c6ab0105d084ed02f5878c9
SHA1

fd17b4c1582e5c70884ef000536959471fe6b6c8
SHA256

28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f
SHA512

a4202b46e27957e0ffb147384cf74f35a974b59a5276c3e1ab9e397d22ec13fc1c56ac8a792554e4745c1a89ca8071bc872a7491e1803a57cd8d8ef17a0026eb
SSDEEP

24576:F39WaOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:598HPkVOBTK

Score

10^/10

gh0strat purplefox rat rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f.exe

Resource

win7-20230831-en

gh0strat purplefox rat rootkit trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f.exe

Resource

win10v2004-20230915-en

gh0strat purplefox rat rootkit trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f
- Size
  
  1.4MB
- MD5
  
  c062661f3c6ab0105d084ed02f5878c9
- SHA1
  
  fd17b4c1582e5c70884ef000536959471fe6b6c8
- SHA256
  
  28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f
- SHA512
  
  a4202b46e27957e0ffb147384cf74f35a974b59a5276c3e1ab9e397d22ec13fc1c56ac8a792554e4745c1a89ca8071bc872a7491e1803a57cd8d8ef17a0026eb
- SSDEEP
  
  24576:F39WaOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:598HPkVOBTK
Score

10^/10

gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratpurplefoxratrootkittrojan

behavioral2

gh0stratpurplefoxratrootkittrojan

© 2018-2025

Terms | Privacy