gh0strat | d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4 | Triage

Submit
Reports

Overview

overview

Static

static

d291989091...a4.dll

windows10-2004-x64

Sharing

General

Target

d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4
Size

1.5MB
Sample

250405-rxmybsy1cs
MD5

694610c692183843d8bbecdb90bc978a
SHA1

51a06b1a7da1b040369f4c639e58022363f9e95b
SHA256

d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4
SHA512

6cb7ed5557c801f1cf53b388c9ea56a20a8f564171a77a81a436b8e34bf9362b38cc0fbde535161cdf1d677ffa627f8a95bc60fcdab792f798ec1f2f339f4267
SSDEEP

24576:F4fN+868tejzFO9dZ73/Ci9oOIrhjOnM5hyv3m8AMtRyce0LdbK0Q:BQ9Fu

Score

10^/10

gh0strat purplefox discovery rat rootkit trojan upx

Static task

static1

rootkit upx gh0strat purplefox

7 signatures

Behavioral task

behavioral1

Sample

d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4.dll

Resource

win10v2004-20250314-en

gh0strat purplefox discovery rat rootkit trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4
- Size
  
  1.5MB
- MD5
  
  694610c692183843d8bbecdb90bc978a
- SHA1
  
  51a06b1a7da1b040369f4c639e58022363f9e95b
- SHA256
  
  d2919890912b5a7ab442e625f5d6c7ba958685468c6a15bcc0957ed1dba87ea4
- SHA512
  
  6cb7ed5557c801f1cf53b388c9ea56a20a8f564171a77a81a436b8e34bf9362b38cc0fbde535161cdf1d677ffa627f8a95bc60fcdab792f798ec1f2f339f4267
- SSDEEP
  
  24576:F4fN+868tejzFO9dZ73/Ci9oOIrhjOnM5hyv3m8AMtRyce0LdbK0Q:BQ9Fu
Score

10^/10

gh0strat purplefox discovery rat rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Purplefox family
  purplefox
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rootkitupxgh0stratpurplefox

behavioral1

gh0stratpurplefoxdiscoveryratrootkittrojanupx

© 2018-2025

Terms | Privacy