gh0strat

General

Target

6d63304e10db535e95b5fc2dcdb27d85a5a364ed8a9df7e536249586738bb7f3
Size

3.0MB
Sample

240526-enppcaec91
MD5

dbdcba579712bb10c7a344394d555a70
SHA1

46f76cc72521de1bf792e1f354e35cadf67a7171
SHA256

6d63304e10db535e95b5fc2dcdb27d85a5a364ed8a9df7e536249586738bb7f3
SHA512

5b788f8aabbbcae5e0105bb899b378669cbfc39b6d49b09c6510b28e3e2941dfb01ce9309eac267a55ad62303aac155bdfed6b24300672ab12e83538a7e2662c
SSDEEP

98304:2oo0b+Djihd+BbSiXnnxxwoax6JBAUZL+:zCa7+BusxLJVy

Score

10^/10

Malware Config

Targets

- Target
  
  6d63304e10db535e95b5fc2dcdb27d85a5a364ed8a9df7e536249586738bb7f3
- Size
  
  3.0MB
- MD5
  
  dbdcba579712bb10c7a344394d555a70
- SHA1
  
  46f76cc72521de1bf792e1f354e35cadf67a7171
- SHA256
  
  6d63304e10db535e95b5fc2dcdb27d85a5a364ed8a9df7e536249586738bb7f3
- SHA512
  
  5b788f8aabbbcae5e0105bb899b378669cbfc39b6d49b09c6510b28e3e2941dfb01ce9309eac267a55ad62303aac155bdfed6b24300672ab12e83538a7e2662c
- SSDEEP
  
  98304:2oo0b+Djihd+BbSiXnnxxwoax6JBAUZL+:zCa7+BusxLJVy
Score

10^/10

gh0strat purplefox persistence rat rootkit spyware stealer trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2