Ghost Crypt Powers PureRAT with Hypnosis
July 21, 2025, 11:28 a.m.
Description
In May 2025, eSentire's Threat Response Unit (TRU) uncovered a targeted attack on a U.S. accounting firm. The attackers used a newly advertised crypter service, Ghost Crypt, to sideload and obfuscate a DLL into a legitimate Windows component (csc.exe), deploying PureRAT, a Remote Access Trojan that surged in 2025
Date
- Created: July 21, 2025, 8:42 a.m.
- Published: July 21, 2025, 8:42 a.m.
- Modified: July 21, 2025, 11:28 a.m.
Indicators