General
-
Target
ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132
-
Size
4.6MB
-
Sample
241115-qenw8svarf
-
MD5
e380ec197850ecbb1d6fe33260dd35ef
-
SHA1
60f04097d4e12a90755dbbc4dbedbb05fadacde9
-
SHA256
ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132
-
SHA512
74c27d4ab145de809f373235e8b69eb3b4b3b8f8e501d6b8d6c3293a26a9006892f214e5fe363022d84d5ccb3c510c461e90a63926f9b9618af04d2d47e39bb3
-
SSDEEP
49152:8QZAdVyVT9n/Gg0P+WhoYbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8R:9GdVyVT9nOgmhXbXsPN5kiQaZ56
Static task
static1
Behavioral task
behavioral1
Sample
ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132
-
Size
4.6MB
-
MD5
e380ec197850ecbb1d6fe33260dd35ef
-
SHA1
60f04097d4e12a90755dbbc4dbedbb05fadacde9
-
SHA256
ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132
-
SHA512
74c27d4ab145de809f373235e8b69eb3b4b3b8f8e501d6b8d6c3293a26a9006892f214e5fe363022d84d5ccb3c510c461e90a63926f9b9618af04d2d47e39bb3
-
SSDEEP
49152:8QZAdVyVT9n/Gg0P+WhoYbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8R:9GdVyVT9nOgmhXbXsPN5kiQaZ56
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1