General
-
Target
3768343fbb050b80a36ae59cb686b8533a843eb26c42ed5d4f1c1821b568d1e8
-
Size
112KB
-
Sample
220625-3ekk2aacb9
-
MD5
9ad57ee7f8dd5211f5bc2458f7c1df22
-
SHA1
e51d8f98d221c48c282898d1b60aadb5617b6d0a
-
SHA256
3768343fbb050b80a36ae59cb686b8533a843eb26c42ed5d4f1c1821b568d1e8
-
SHA512
c52fc66a77b91c9d5fdbca5f983297aeaa312060080dd9142705ff798d97d43e2170a9d3f39833f9565d4609ea357e79710a1f5f483d7d7cfd3056c356060728
Static task
static1
Behavioral task
behavioral1
Sample
3768343fbb050b80a36ae59cb686b8533a843eb26c42ed5d4f1c1821b568d1e8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3768343fbb050b80a36ae59cb686b8533a843eb26c42ed5d4f1c1821b568d1e8.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
3768343fbb050b80a36ae59cb686b8533a843eb26c42ed5d4f1c1821b568d1e8
Score
10/10
-
Gh0st RAT payload
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Creates a Windows Service
-
Drops file in System32 directory
-