gh0strat | 8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

3

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065
Size

9.3MB
Sample

240527-m9s8nahc8v
MD5

598f99c870529c864b369aff4b27fc20
SHA1

867bb49c288e93ac0fbd6631183373be56527c79
SHA256

8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065
SHA512

1114a296257e5092f714073ee8542fc6ed3cc14ccadad45a2ab452b219f1b71faacd6a071c83ac1cad8919d418536e7701c18982bdc58aca5cc8421bb43f1973
SSDEEP

24576:IGAbS7ZX8hjUTgcUjChFMT9ChBZCWERAmpJKOf7ygPYoU1RI5tsBydOfC/zg347N:/1RTxUmiTIhHicg1U1RI5tsB4772qc2

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065.exe

Resource

win11-20240419-en

gh0strat purplefox persistence rat rootkit trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065
- Size
  
  9.3MB
- MD5
  
  598f99c870529c864b369aff4b27fc20
- SHA1
  
  867bb49c288e93ac0fbd6631183373be56527c79
- SHA256
  
  8b24e43d325a556c6797cc7753f6a555d47b0c7f24bad99b2009baf8a0796065
- SHA512
  
  1114a296257e5092f714073ee8542fc6ed3cc14ccadad45a2ab452b219f1b71faacd6a071c83ac1cad8919d418536e7701c18982bdc58aca5cc8421bb43f1973
- SSDEEP
  
  24576:IGAbS7ZX8hjUTgcUjChFMT9ChBZCWERAmpJKOf7ygPYoU1RI5tsBydOfC/zg347N:/1RTxUmiTIhHicg1U1RI5tsB4772qc2
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpurplefoxpersistenceratrootkittrojan

© 2018-2025

Terms | Privacy