gh0strat

General

Target

72696e38726271fd46eddcdc9f96a47a0f6112cc16a7c16dccbb9046bfb64928
Size

12.8MB
Sample

240626-adw88asble
MD5

1fc222a926b0f946af98f82951626cdf
SHA1

8772a9d34cbda57d4e01edab68b1ee2f3b3c33dc
SHA256

72696e38726271fd46eddcdc9f96a47a0f6112cc16a7c16dccbb9046bfb64928
SHA512

df6bd1d9c63df30d527db43e52f85971cffa0f3cd8315c998acb4c09f26a12f84e723776f02e1f7a4a14176f4a9778e6cbd5e7197c06e04d1a138c27ece1e210
SSDEEP

196608:UWT9nO7LapEBX/WkfEYI02tpn7Pm9fhxGqiin3p4MQ4x5iS4:I7wGXqM2tVq9ZAqx5Re

Score

10^/10

Malware Config

Targets

- Target
  
  72696e38726271fd46eddcdc9f96a47a0f6112cc16a7c16dccbb9046bfb64928
- Size
  
  12.8MB
- MD5
  
  1fc222a926b0f946af98f82951626cdf
- SHA1
  
  8772a9d34cbda57d4e01edab68b1ee2f3b3c33dc
- SHA256
  
  72696e38726271fd46eddcdc9f96a47a0f6112cc16a7c16dccbb9046bfb64928
- SHA512
  
  df6bd1d9c63df30d527db43e52f85971cffa0f3cd8315c998acb4c09f26a12f84e723776f02e1f7a4a14176f4a9778e6cbd5e7197c06e04d1a138c27ece1e210
- SSDEEP
  
  196608:UWT9nO7LapEBX/WkfEYI02tpn7Pm9fhxGqiin3p4MQ4x5iS4:I7wGXqM2tVq9ZAqx5Re
Score

10^/10

gh0strat purplefox risepro persistence rat rootkit stealer trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Sets service image path in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2