General
-
Target
WPS_Setup.msi.vir
-
Size
242.9MB
-
Sample
241119-d7txqszbqb
-
MD5
3255760e78b6d9dd1ecdd6d4c31b2625
-
SHA1
fa10fb8c29029fedf846d88ab3aba3870056f287
-
SHA256
84eff4cdf5c39f9979e8d1434ab7e0472ca710bdcf0a5d4db920732386e31957
-
SHA512
2bb0e5bec54a840620758b530d09c4fade7fe3136938302e0388fb172af703a665425dfd50e94c5591177957c28cd9bc5899f5380e206ab61de1484ff9f3ccdd
-
SSDEEP
6291456:lLKBfaA+iLH02im/1aOUiWuXsiHDqzGw4VQ:lLWfadiL1B/1/UZucfzT4
Static task
static1
Behavioral task
behavioral1
Sample
WPS_Setup.msi
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
WPS_Setup.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-