General
-
Target
35aa7b5eede048c5bc4c26f73b5bc9c62edc9167cc3f04bc0e967f8aeabd2b91.msi.vir
-
Size
37.5MB
-
Sample
241124-mz8wcssmdr
-
MD5
0abc6b6ea4e322a248f31125ddb8911b
-
SHA1
26f0a5b6631e7ae1e324f8ce24eb967379f07416
-
SHA256
35aa7b5eede048c5bc4c26f73b5bc9c62edc9167cc3f04bc0e967f8aeabd2b91
-
SHA512
364314fa2a63d53537a60a322fee9879650e653085719c5c81149037fafb12dd3bbc0e019e4a22cd3400db1c9e9bfcf637749f7efbcfed8368771dbfcd42ebe9
-
SSDEEP
786432:TddVYfoDIf7i1q8WjTRThlXgxopO+9giU2yoLVhm+Zjh:TddVYf00pDfO+9DU2vLVVVh
Static task
static1
Behavioral task
behavioral1
Sample
35aa7b5eede048c5bc4c26f73b5bc9c62edc9167cc3f04bc0e967f8aeabd2b91.msi
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
35aa7b5eede048c5bc4c26f73b5bc9c62edc9167cc3f04bc0e967f8aeabd2b91.msi.vir
-
Size
37.5MB
-
MD5
0abc6b6ea4e322a248f31125ddb8911b
-
SHA1
26f0a5b6631e7ae1e324f8ce24eb967379f07416
-
SHA256
35aa7b5eede048c5bc4c26f73b5bc9c62edc9167cc3f04bc0e967f8aeabd2b91
-
SHA512
364314fa2a63d53537a60a322fee9879650e653085719c5c81149037fafb12dd3bbc0e019e4a22cd3400db1c9e9bfcf637749f7efbcfed8368771dbfcd42ebe9
-
SSDEEP
786432:TddVYfoDIf7i1q8WjTRThlXgxopO+9giU2yoLVhm+Zjh:TddVYf00pDfO+9DU2vLVVVh
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Installer Packages
1Pre-OS Boot
1Bootkit
1Defense Evasion
Pre-OS Boot
1Bootkit
1System Binary Proxy Execution
1Msiexec
1