General
- Target: Fanyi.msi.vir
- Size: 26.5MB
- Sample: 241119-eh86sszcrc
- MD5: 3d6804261513077c81543bfa24503bae
- SHA1: a5b387c2402a77bf6ffd6835dbf79129a41a4ec6
- SHA256: bdd5b875e9233fce93774ffcfc925daf2924eef9455d088d5dcddf41915d1112
- SHA512: 899b6e4ebe9ea71a37772149a78ed19b9e09d6b0b9f8287b85a484008d6e6ad0efa99eabf4c245958929a1f0b52672ffec05cb824578738fbb0107f312f531ec
- SSDEEP: 786432:FyPHKm4X1Ut5pZnm0p0syQvIwOpc1SYrBsff/p9QE:FEqm4X1U5pZm02syQt4iZr4n
Static task: static1
Behavioral task: behavioral1
- Sample: Fanyi.msi
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Fanyi.msi
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Gh0st RAT payload
- Gh0strat family
- Purplefox family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory