General
Target: gh.exe
Size: 1.9MB
Sample: 220516-ydyztadhf2
MD5: fc2f9bb8ec49b7a862a994d7793cfbfa
SHA1: 2ac1aa2e6884a811b5517564efeb101bcd6acf23
SHA256: ba42981857aaa86ac3ebfa7c169d3abff15ef53a857770d70fa4808a90238d67
SHA512: 56b2f07acf0346e04894ac1bef83515bdda00a0d27262a4abe34799dc49ca996f796fda541fd6d3edda7f05187c9500f52ef694a3c1ddac3839b3047bef66524
Static task: static1
Behavioral task: behavioral1
  Sample: gh.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: gh.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: gh.exe
Size: 1.9MB
MD5: fc2f9bb8ec49b7a862a994d7793cfbfa
SHA1: 2ac1aa2e6884a811b5517564efeb101bcd6acf23
SHA256: ba42981857aaa86ac3ebfa7c169d3abff15ef53a857770d70fa4808a90238d67
SHA512: 56b2f07acf0346e04894ac1bef83515bdda00a0d27262a4abe34799dc49ca996f796fda541fd6d3edda7f05187c9500f52ef694a3c1ddac3839b3047bef66524
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- XMRig Miner Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext