gh0strat | 5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395 | Triage

Submit
Reports

Overview

overview

Static

static

1

5f523ca858...95.msi

windows7-x64

8

5f523ca858...95.msi

windows10-2004-x64

Sharing

General

Target

5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395.msi.v
Size

31.4MB
Sample

241027-pjmdjaxdmf
MD5

44e80380964f2ccbc6bc7b14ad4ffd3f
SHA1

c1b9a5cf8b8b63860fab7b3e8094fb0f58892596
SHA256

5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395
SHA512

93a9935aa0b14b99b8d74ecc9870a782907afd540a21759f56cc837fab72b33ce5386b7c6623987596fad15594848e47da36efed60d1553a566e2bc54c90647d
SSDEEP

786432:FPmtdVFmEvj9/DRTZVb2kZDJkj4BZELqx4LIsUtC1dQ+8eQfH2oPFQx:APVAW9Ff2kZaUBKLquL1UtCY+8x22FC

Score

10^/10

gh0strat purplefox discovery evasion execution persistence privilege_escalation rat rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395.msi

Resource

win7-20241023-en

discovery evasion execution persistence privilege_escalation

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395.msi

Resource

win10v2004-20241007-en

gh0strat purplefox discovery evasion execution persistence privilege_escalation rat rootkit trojan

windows10-2004-x64

34 signatures

150 seconds

Malware Config

Targets

- Target
  
  5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395.msi.v
- Size
  
  31.4MB
- MD5
  
  44e80380964f2ccbc6bc7b14ad4ffd3f
- SHA1
  
  c1b9a5cf8b8b63860fab7b3e8094fb0f58892596
- SHA256
  
  5f523ca858a54f437a676f1b03682fb73fb2c02c388e38214c3a306fb11bf395
- SHA512
  
  93a9935aa0b14b99b8d74ecc9870a782907afd540a21759f56cc837fab72b33ce5386b7c6623987596fad15594848e47da36efed60d1553a566e2bc54c90647d
- SSDEEP
  
  786432:FPmtdVFmEvj9/DRTZVb2kZDJkj4BZELqx4LIsUtC1dQ+8eQfH2oPFQx:APVAW9Ff2kZaUBKLquL1UtCY+8x22FC
Score

10^/10

discovery evasion execution persistence privilege_escalation gh0strat purplefox rat rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Purplefox family
  purplefox
- Drops file in Drivers directory
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
  evasion
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalation

behavioral2

gh0stratpurplefoxdiscoveryevasionexecutionpersistenceprivilege_escalationratrootkittrojan

© 2018-2024

Terms | Privacy