General
-
Target
fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d.msi.vir
-
Size
242.2MB
-
Sample
241115-e3ykssylay
-
MD5
4393f1aeb2effbba1df28ca5057e2182
-
SHA1
ca2985c1f08350363b1b62756035b2982b787ab6
-
SHA256
fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d
-
SHA512
3e655488342b8be0038049b8193da42481c4c2a868ca613f311095d656539d35f01c865a7cb44eb7227ca1ae1ad5b63199a6ba84644dd26506ce6256638d5ed7
-
SSDEEP
6291456:oLKBfaA+iLH02im/1aOUiWuXsiHDqzGw4w:oLWfadiL1B/1/UZucfzT4
Static task
static1
Behavioral task
behavioral1
Sample
fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d.msi
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-