General
Target: 13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68
Size: 1.3MB
Sample: 241211-wrqt9axrbm
MD5: 7b73e46389fbff427059ee9d6691a7c1
SHA1: f449327faa3f233a9e3b98e2b27a7eedc670748e
SHA256: 13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68
SHA512: e8a21d04b1ab2c82c3416b26ee94360bcce13e55cbbd0f973bf1f83b3e069c155365538677c1356bf3ea114418a0e89077b0c2b1f8ab2b5d0560ba2fe13a74db
SSDEEP: 24576:JOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNrJ:EHPkVOBTKd
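The four cryptographic hashes above are the only file-level indicators the report publishes, so the first thing a responder does with a suspect file is hash it and compare against all of them at once (an MD5-only match with a SHA256 mismatch is itself worth noticing). The script below is an added example, not part of the sandbox report: it copies the report's hash values into a constant, hashes a file in one pass with every algorithm, and reports which algorithms disagree. The `b"abc"` demo input at the bottom is constructed and is not the real sample; SSDEEP is left out because fuzzy hashing needs a third-party library.

```python
"""Verify a file on disk against the hash set published in the report.

Added example, not part of the sandbox report. REPORT_HASHES is copied
from the report; the demo bytes at the bottom are constructed and are
NOT the real sample.
"""
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterable, Tuple

# Hash values exactly as published in the report for this sample.
REPORT_HASHES: Dict[str, str] = {
    "md5": "7b73e46389fbff427059ee9d6691a7c1",
    "sha1": "f449327faa3f233a9e3b98e2b27a7eedc670748e",
    "sha256": "13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68",
    "sha512": ("e8a21d04b1ab2c82c3416b26ee94360bcce13e55cbbd0f973bf1f83b3e069c15"
               "5365538677c1356bf3ea114418a0e89077b0c2b1f8ab2b5d0560ba2fe13a74db"),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all four digests in a single pass over the data.

    One pass matters for large files and read-once sources (network
    captures, forensic images): each hashlib object is updated
    incrementally, so every chunk is read from the source exactly once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file from disk without loading it entirely into memory."""
    with path.open("rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def compare(actual: Dict[str, str],
            expected: Dict[str, str]) -> Tuple[bool, Dict[str, str]]:
    """Return (all_match, mismatches).

    Algorithm names and hex digests are compared case-insensitively,
    since report sites and tools differ in case. An algorithm the caller
    did not compute is skipped rather than counted as a mismatch, so a
    report that publishes only SHA256 can still be checked. Every
    mismatching algorithm is returned, not just the first.
    """
    mismatches: Dict[str, str] = {}
    for name, want in expected.items():
        got = actual.get(name.lower())
        if got is None:
            continue
        if got.lower() != want.lower():
            mismatches[name.lower()] = got
    return (not mismatches), mismatches


if __name__ == "__main__":
    if len(sys.argv) > 1:
        actual = digest_file(Path(sys.argv[1]))
    else:
        # Constructed demo input; not the real sample, so this will not match.
        actual = digest_stream([b"abc"])
    ok, bad = compare(actual, REPORT_HASHES)
    if ok:
        print("MATCH: file is the sample described in this report")
    else:
        print("NO MATCH on: " + ", ".join(sorted(bad)))
```

Run it as `python verify_hashes.py <file>`; with no argument it hashes the constructed demo bytes and reports a mismatch on all four algorithms, which is the expected result for anything other than the real sample.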
Static task: static1
Behavioral task: behavioral1
Sample: 13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68
Signatures
- Gh0st RAT payload
- Gh0strat family
- Purplefox family
- Drops file in Drivers directory
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1