gh0strat | 5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b | Triage

Submit
Reports

Overview

overview

Static

static

3

5edede4eee...3b.exe

windows7-x64

5edede4eee...3b.exe

windows10-2004-x64

Sharing

General

Target

5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b
Size

13.0MB
Sample

240525-wtke9ade47
MD5

47c9fb12214063f8ad047b610c5a0b23
SHA1

2f8dbb1afcbc34990c00e4287b719818df13f55a
SHA256

5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b
SHA512

abe197fb25efeb8f7058c0e0fc23dea1e09de546aa1a2a7587aa00dc7b0b687c3f1f228eee44f840fac36c7350e898db1c95839e0fc5582386f480752b2b659f
SSDEEP

196608:TKXbeO75kwEI3CcdEsnSi4bLq3mEHdmJVgkO:47oI1EsSi4CmEHdme

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b.exe

Resource

win7-20240220-en

gh0strat purplefox persistence rat rootkit trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b.exe

Resource

win10v2004-20240426-en

gh0strat purplefox persistence rat rootkit trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b
- Size
  
  13.0MB
- MD5
  
  47c9fb12214063f8ad047b610c5a0b23
- SHA1
  
  2f8dbb1afcbc34990c00e4287b719818df13f55a
- SHA256
  
  5edede4eeec1a61e92d6c07df5dc64d68f0b618f2c7f23a625e14a3fee5b163b
- SHA512
  
  abe197fb25efeb8f7058c0e0fc23dea1e09de546aa1a2a7587aa00dc7b0b687c3f1f228eee44f840fac36c7350e898db1c95839e0fc5582386f480752b2b659f
- SSDEEP
  
  196608:TKXbeO75kwEI3CcdEsnSi4bLq3mEHdmJVgkO:47oI1EsSi4CmEHdme
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxpersistenceratrootkittrojanupx

behavioral2

gh0stratpurplefoxpersistenceratrootkittrojanupx

© 2018-2024

Terms | Privacy