General
-
Target
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412
-
Size
1.7MB
-
Sample
241218-wqrp6axlaz
-
MD5
d4e84b0c453ea178ff0c680aabcba1d3
-
SHA1
fea79c9b5a1d0a50e94dd8b8ea7fd2d5dcd8b3a7
-
SHA256
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412
-
SHA512
78e295943520f4fe7985380426a00facca4223833c41c9233c01dd7176f9f0cd4d98c89097d111cc420c59975341bebe73829eac2c9a461fe00e5c02a7e2c19a
-
SSDEEP
49152:9RoLEhF4sTEIlLJ2vT+G1vSAhHhjb4Po5YG/mQVKEOH8YFnsYQ:9t4sTEIlF2aGZtdTYG/pLOH8YFsV
Static task
static1
Behavioral task
behavioral1
Sample
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412
-
Size
1.7MB
-
MD5
d4e84b0c453ea178ff0c680aabcba1d3
-
SHA1
fea79c9b5a1d0a50e94dd8b8ea7fd2d5dcd8b3a7
-
SHA256
9b3dd89066c5979374bfa5611bee3a6e98d13a304a69ece0619af49e8cd74412
-
SHA512
78e295943520f4fe7985380426a00facca4223833c41c9233c01dd7176f9f0cd4d98c89097d111cc420c59975341bebe73829eac2c9a461fe00e5c02a7e2c19a
-
SSDEEP
49152:9RoLEhF4sTEIlLJ2vT+G1vSAhHhjb4Po5YG/mQVKEOH8YFnsYQ:9t4sTEIlF2aGZtdTYG/pLOH8YFsV
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1