gh0strat | 469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648 | Triage

Submit
Reports

Overview

overview

Static

static

3

469c0ed89f...48.dll

windows7-x64

469c0ed89f...48.dll

windows10-2004-x64

Sharing

General

Target

469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648
Size

3.0MB
Sample

241013-j6vqja1cln
MD5

ec6456bcd6d4ab065076e9bc02f056f9
SHA1

71bf821dfaaf9cf55976e8ebde3206a2b3abbb6d
SHA256

469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648
SHA512

cae877acc4713abbaee8da7724a85b4e608665fa2478ecca57a63ebd6d56505f60cd9d7e35f9af8f040eb0605e29bfc2de78461ad67efeb51d71f5a9ae4b5f53
SSDEEP

49152:38oZB2ESGJCv3pL78QiDPLkKMPc+InpqHoi/bDLWMR1awvKoGB+riab:PB2ESGcv5LbiDPLNM4pqIi/bDLjbzFr

Score

10^/10

gh0strat purplefox discovery persistence rat rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648.dll

Resource

win7-20240729-en

gh0strat purplefox discovery persistence rat rootkit trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648.dll

Resource

win10v2004-20241007-en

gh0strat purplefox discovery persistence rat rootkit trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648
- Size
  
  3.0MB
- MD5
  
  ec6456bcd6d4ab065076e9bc02f056f9
- SHA1
  
  71bf821dfaaf9cf55976e8ebde3206a2b3abbb6d
- SHA256
  
  469c0ed89f912dc2ca53bdc706134a88fb6d645b666162ca81c6800d25ce0648
- SHA512
  
  cae877acc4713abbaee8da7724a85b4e608665fa2478ecca57a63ebd6d56505f60cd9d7e35f9af8f040eb0605e29bfc2de78461ad67efeb51d71f5a9ae4b5f53
- SSDEEP
  
  49152:38oZB2ESGJCv3pL78QiDPLkKMPc+InpqHoi/bDLWMR1awvKoGB+riab:PB2ESGcv5LbiDPLNM4pqIi/bDLjbzFr
Score

10^/10

gh0strat purplefox discovery persistence rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpurplefoxdiscoverypersistenceratrootkittrojan

behavioral2

gh0stratpurplefoxdiscoverypersistenceratrootkittrojan

© 2018-2025

Terms | Privacy