873b3f4e9bcdf5c69e3928012df2b4d5fb94cb964f89ba842bdeb575178e031b

Submit
Reports

Overview

overview

Static

static

Ghosty Per...FN.exe

windows7-x64

Ghosty Per...FN.exe

windows10-2004-x64

Ghosty Per....1.exe

windows7-x64

Ghosty Per....1.exe

windows10-2004-x64

Ghosty Per....1.exe

windows7-x64

Ghosty Per....1.exe

windows10-2004-x64

Ghosty Per...ry.dll

windows7-x64

Ghosty Per...ry.dll

windows10-2004-x64

Ghosty Per...64.dll

windows7-x64

Ghosty Per...64.dll

windows10-2004-x64

Ghosty Per...on.dll

windows7-x64

Ghosty Per...on.dll

windows10-2004-x64

Ghosty Per...ec.dll

windows7-x64

Ghosty Per...ec.dll

windows10-2004-x64

Ghosty Per...z2.dll

windows7-x64

Ghosty Per...z2.dll

windows10-2004-x64

Ghosty Per...pe.dll

windows7-x64

Ghosty Per...pe.dll

windows10-2004-x64

Ghosty Per...16.dll

windows7-x64

Ghosty Per...16.dll

windows10-2004-x64

Ghosty Per...rts.sh

windows7-x64

Ghosty Per...rts.sh

windows10-2004-x64

generate-certs.sh

windows7-x64

generate-certs.sh

windows10-2004-x64

1337/conve...rts.sh

windows7-x64

1337/conve...rts.sh

windows10-2004-x64

Ghosty Per...or.exe

windows7-x64

Ghosty Per...or.exe

windows10-2004-x64

Ghosty Per...64.dll

windows7-x64

Ghosty Per...64.dll

windows10-2004-x64

Ghosty Per...64.dll

windows7-x64

Ghosty Per...64.dll

windows10-2004-x64

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 10:02

Sharing

Copy URL

Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Ghosty Permanent Spoofer/GHOSTYFN.exe

Resource

win7-20240729-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ghosty Permanent Spoofer/GHOSTYFN.exe

Resource

win10v2004-20241007-en

orcus defense_evasion discovery rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ghosty Permanent Spoofer/KA-LicenseKey_x86_x64_v1.1.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ghosty Permanent Spoofer/KA-LicenseKey_x86_x64_v1.1.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

Ghosty Permanent Spoofer/KA-MemIntegrity_x86_x64_v1.1.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

Ghosty Permanent Spoofer/KA-MemIntegrity_x86_x64_v1.1.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

Ghosty Permanent Spoofer/SafeGuard-Library.dll

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral8

Sample

Ghosty Permanent Spoofer/SafeGuard-Library.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

Ghosty Permanent Spoofer/VMProtectSDK64.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Ghosty Permanent Spoofer/VMProtectSDK64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Ghosty Permanent Spoofer/brotlicommon.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Ghosty Permanent Spoofer/brotlicommon.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Ghosty Permanent Spoofer/brotlidec.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

Ghosty Permanent Spoofer/brotlidec.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Ghosty Permanent Spoofer/bz2.dll

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Ghosty Permanent Spoofer/bz2.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Ghosty Permanent Spoofer/freetype.dll

Resource

win7-20240729-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

Ghosty Permanent Spoofer/freetype.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Ghosty Permanent Spoofer/libpng16.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Ghosty Permanent Spoofer/libpng16.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Ghosty Permanent Spoofer/server/Certificates/generate-certs.sh

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral22

Sample

Ghosty Permanent Spoofer/server/Certificates/generate-certs.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

generate-certs.sh

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral24

Sample

generate-certs.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

1337/convert/generate-certs.sh

Resource

win7-20240708-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral26

Sample

1337/convert/generate-certs.sh

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

Ghosty Permanent Spoofer/server/x64/Release/Emulator.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Ghosty Permanent Spoofer/server/x64/Release/Emulator.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Ghosty Permanent Spoofer/server/x64/Release/libcrypto-3-x64.dll

Resource

win7-20240729-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

Ghosty Permanent Spoofer/server/x64/Release/libcrypto-3-x64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Ghosty Permanent Spoofer/server/x64/Release/libssl-3-x64.dll

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Ghosty Permanent Spoofer/server/x64/Release/libssl-3-x64.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Ghosty Permanent Spoofer/server/x64/Release/Emulator.exe
Size

596KB
MD5

8b24e99924113fa9bebde74ab2aeb29c
SHA1

9b66e30dcf9ac6ec3bd15547c2c43db686283ed2
SHA256

777e731543579910dc6d0dd5b15d71d46a50c401b1203cdd7cbacc79363ee5b8
SHA512

68b2ddf5cc52c302d1af3e792b48b421cde79f94a73f69f3c759e432be22a009422d2d84e832334e1169c30a1e6a88c714f69824d66474c692b56884eb4f4750
SSDEEP

6144:zZ6EcigBgNldCeqnMQO/bx2Fdglh78TlZ9u5rDcZxXcbeUyzntOhYUlPAF5NcRdL:sfBgNlweqn+lhcZA5cDXcbh40l

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Ghosty Permanent Spoofer\server\x64\Release\Emulator.exe
"C:\Users\Admin\AppData\Local\Temp\Ghosty Permanent Spoofer\server\x64\Release\Emulator.exe"
1⤵
PID:224

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads