General

Target: 44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8.exe
Size: 2.4MB
Sample: 241117-rhvpma1kew
MD5: f21c945c5ee90cec90db66510778e5e7
SHA1: 132d5d653082303e0cc7afed09534e6a576cbb1b
SHA256: 44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8
SHA512: 2e30a1db393c5e351d153230c1f9f46ad6dd5bdb72d76590e0803bc8c2fa12b218b58422c55ebee678f9d94d704615806bca8aaa4565e704f58929802acf910f
SSDEEP: 49152:VQZAdVyVT9n/Gg0P+WhoqJlxAibBEZ1LWtBzkOW:OGdVyVT9nOgmhRlZOAy
Static task: static1
Behavioral task: behavioral1
Sample: 44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8.exe
Resource: win7-20240903-en
Malware Config

Targets

Target: 44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8.exe
Size: 2.4MB
MD5: f21c945c5ee90cec90db66510778e5e7
SHA1: 132d5d653082303e0cc7afed09534e6a576cbb1b
SHA256: 44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8
SHA512: 2e30a1db393c5e351d153230c1f9f46ad6dd5bdb72d76590e0803bc8c2fa12b218b58422c55ebee678f9d94d704615806bca8aaa4565e704f58929802acf910f
SSDEEP: 49152:VQZAdVyVT9n/Gg0P+WhoqJlxAibBEZ1LWtBzkOW:OGdVyVT9nOgmhRlZOAy
Signatures

- Gh0st RAT payload
- Gh0strat family
- Purplefox family
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Server Software Component: Terminal Services DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)