General
Target: 6da15c46a9d70ddcf2ab5fc3d80105ed205d6248f12b75f5f80661ec3621c9b0
Size: 1.2MB
Sample: 250405-g9w2navmz2
MD5: 3b1d749f035794bb5e31d976775cdd8a
SHA1: 01a656527429e58559c47bf0c1873ee7eb55b9ba
SHA256: 6da15c46a9d70ddcf2ab5fc3d80105ed205d6248f12b75f5f80661ec3621c9b0
SHA512: 9d4d135720ec1c808726fa302d5a914075abc5b45bed2967325b06eeed30c14c004d38651a12311c9e7c82758f8a89ad7706dc96fc9f27b3df441c9d417cc595
SSDEEP: 24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJtiE:WIwgMEuy+inDfp3/XoCw57XYBwKE
Malware Config
Targets
Target: 6da15c46a9d70ddcf2ab5fc3d80105ed205d6248f12b75f5f80661ec3621c9b0
- Gh0st RAT payload
- Gh0strat family
- Purplefox family
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Server Software Component (1)
- Terminal Services DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)