General
-
Target
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d.msi.vir
-
Size
27.1MB
-
Sample
241119-kkt3jsseqe
-
MD5
756b1b81669fb5b5d745c83ced428cb1
-
SHA1
c573e1f1d32780c808db53e5fd5e571d617816e6
-
SHA256
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d
-
SHA512
d9fd646383ff4fa82a920068b2141a94bd10424c5465040066d28be78be83ad730915b50bf1dfea9c2ed03b4a6b2287a19078a235a78aa835148a0381f5b00da
-
SSDEEP
786432:G3OL1MXJ/fZz/yft39ldEQk9EzbR8VP0wiVD8Kyt:iOL1MXJ3Zz/etDdEQfHm10LU
Static task
static1
Behavioral task
behavioral1
Sample
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d.msi
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d.msi.vir
-
Size
27.1MB
-
MD5
756b1b81669fb5b5d745c83ced428cb1
-
SHA1
c573e1f1d32780c808db53e5fd5e571d617816e6
-
SHA256
4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d
-
SHA512
d9fd646383ff4fa82a920068b2141a94bd10424c5465040066d28be78be83ad730915b50bf1dfea9c2ed03b4a6b2287a19078a235a78aa835148a0381f5b00da
-
SSDEEP
786432:G3OL1MXJ/fZz/yft39ldEQk9EzbR8VP0wiVD8Kyt:iOL1MXJ3Zz/etDdEQfHm10LU
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-