gh0strat

General

Target

36aed5f98e2fb9b5bfdd511c4523433fb064ccf8fa11e3ff35ea824263d9d971
Size

412KB
Sample

240419-mdr1qafh24
MD5

7e9da5d30b4a382f32849b0c1c023fc8
SHA1

a924946f56c22998e643e3968978cf4840f53084
SHA256

36aed5f98e2fb9b5bfdd511c4523433fb064ccf8fa11e3ff35ea824263d9d971
SHA512

80c3ee897533fff96912199c2aeea4bc92a5906027d92d3a16aa79ae9abd3f9b4f40c37224e6875d38eeaa686f374172e27ff78ae6edeb8da8cac17565f0f105
SSDEEP

6144:HSnXXvkgGTzz00trtpVIOnd4RM6P0Nmr6YmcSUJinTEZEx8UxDSwz84:yH0zlLVIO2mascS2iz8wDSwz8

Score

10^/10

Malware Config

Targets

- Target
  
  36aed5f98e2fb9b5bfdd511c4523433fb064ccf8fa11e3ff35ea824263d9d971
- Size
  
  412KB
- MD5
  
  7e9da5d30b4a382f32849b0c1c023fc8
- SHA1
  
  a924946f56c22998e643e3968978cf4840f53084
- SHA256
  
  36aed5f98e2fb9b5bfdd511c4523433fb064ccf8fa11e3ff35ea824263d9d971
- SHA512
  
  80c3ee897533fff96912199c2aeea4bc92a5906027d92d3a16aa79ae9abd3f9b4f40c37224e6875d38eeaa686f374172e27ff78ae6edeb8da8cac17565f0f105
- SSDEEP
  
  6144:HSnXXvkgGTzz00trtpVIOnd4RM6P0Nmr6YmcSUJinTEZEx8UxDSwz84:yH0zlLVIO2mascS2iz8wDSwz8
Score

10^/10

gh0strat purplefox rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Detect PurpleFox Rootkit

Gh0st RAT payload

PurpleFox

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2