gh0strat | 37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765 | Triage

Submit
Reports

Overview

overview

Static

static

3

37152d8ab3...65.exe

windows7-x64

37152d8ab3...65.exe

windows10-2004-x64

Sharing

General

Target

37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765
Size

7.7MB
Sample

240422-rlzgzscc44
MD5

11a9c395ab60f1836df2911fe40e8551
SHA1

2aa9bdaa8dee1beb26ab49ed04e95586f14e118c
SHA256

37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765
SHA512

edaee78ce2274aa5c2d68f77be0e1351a731aa87f7bcbf4e6af295966c6e3f92f2224b4e6586c524dedcadd67577db4d74bacfc0b430bf67aef8a68090804bf7
SSDEEP

196608:NKXbeO73nWYPWk5ns1VID5Nou9ZQRiQ7Kh84:G7moj5n02ou0RiQ7KK

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765.exe

Resource

win7-20240221-en

gh0strat purplefox persistence rat rootkit trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765.exe

Resource

win10v2004-20240412-en

gh0strat purplefox persistence rat rootkit trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765
- Size
  
  7.7MB
- MD5
  
  11a9c395ab60f1836df2911fe40e8551
- SHA1
  
  2aa9bdaa8dee1beb26ab49ed04e95586f14e118c
- SHA256
  
  37152d8ab3bac1660d9dc16617064b909afa2c6aae39af0ce99473a5547ea765
- SHA512
  
  edaee78ce2274aa5c2d68f77be0e1351a731aa87f7bcbf4e6af295966c6e3f92f2224b4e6586c524dedcadd67577db4d74bacfc0b430bf67aef8a68090804bf7
- SSDEEP
  
  196608:NKXbeO73nWYPWk5ns1VID5Nou9ZQRiQ7Kh84:G7moj5n02ou0RiQ7KK
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gh0stratpurplefoxpersistenceratrootkittrojanupx

behavioral2

gh0stratpurplefoxpersistenceratrootkittrojanupx

© 2018-2024

Terms | Privacy