gh0strat | 5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820 | Triage

Submit
Reports

Overview

overview

Static

static

3

5806915d58...20.exe

windows7-x64

5806915d58...20.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820
Size

1.3MB
Sample

240719-s9de4asbke
MD5

d41e0ce7e7c9b29d31fc78c648a372c1
SHA1

e32fc61e8a562bc04b0f561d1411f13dd3be6306
SHA256

5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820
SHA512

df81a2f1a3ab289b0a0b154b670c8c10cfbda36b223853f20999c51c9b234bd6a40bcd163c1f8155d1a36434e5a6d7a70b7200306d98e5c2d3cf074c7fd2a574
SSDEEP

24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN7:QHPkVOBTK

Score

10^/10

gh0strat purplefox persistence rat rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820.exe

Resource

win7-20240704-en

gh0strat purplefox persistence rat rootkit trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820.exe

Resource

win10v2004-20240709-en

gh0strat purplefox persistence rat rootkit trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820
- Size
  
  1.3MB
- MD5
  
  d41e0ce7e7c9b29d31fc78c648a372c1
- SHA1
  
  e32fc61e8a562bc04b0f561d1411f13dd3be6306
- SHA256
  
  5806915d5837d67d9dfa639ff1df19e4c410ed1093f7a2e6f116fddff6236820
- SHA512
  
  df81a2f1a3ab289b0a0b154b670c8c10cfbda36b223853f20999c51c9b234bd6a40bcd163c1f8155d1a36434e5a6d7a70b7200306d98e5c2d3cf074c7fd2a574
- SSDEEP
  
  24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN7:QHPkVOBTK
Score

10^/10

gh0strat purplefox persistence rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxpersistenceratrootkittrojan

behavioral2

gh0stratpurplefoxpersistenceratrootkittrojan

© 2018-2025

Terms | Privacy