General
Target: 64.exe
Size: 112KB
Sample: 220626-fygxxsadd8
MD5: 03901821df28b37ffb3ba21648e5ee23
SHA1: 6bfa94dcaffd0487e4f223ee5a056ad046f6f347
SHA256: 01a1a142b1f4fcf6fbac05aa1c6b9e97c28ef3bf7710e3ebd0c558e1e3fde260
SHA512: cb476c226ac9654bb4658a32559bc1933052b9fb1077c33ae80a41d63cd69230317e802f9d1794ac17ae8c3df4cf13c1ffc01e771bd9210710a5b525e4932c19
Static task: static1
Behavioral task: behavioral1
Sample: 64.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 64.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 64.exe
Size: 112KB
Score: 10/10
- Gh0st RAT payload
- Executes dropped EXE
- Sets DLL path for service in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Creates a Windows Service
- Drops file in System32 directory
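The signature names above are the sandbox's labels; when triaging the same sample on your own telemetry you need to know what each one looks like in endpoint events. The script below is an added example, not Tria.ge code or anything recovered from this sample: it runs simple detection logic for the behaviours listed (service DLL path written to the registry, file dropped in System32, service created, dropped DLL loaded, dropped EXE executed, self-deletion, country-code lookup) over a constructed set of Sysmon-style events. The event shape, the service name "Sample", every path, and the assumption that "Checks computer location settings" means a read of HKCU\Control Panel\International\Geo\Nation are all illustrative assumptions, not facts from the report.

```python
import re

# Constructed, illustrative endpoint events in a Sysmon-like shape. They are
# NOT telemetry captured from this sample; paths and the service name are
# placeholders chosen to exercise each signature named in the report.
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Users\a\64.exe",
     "path": r"C:\Windows\System32\sample.dll"},
    {"type": "file_create", "image": r"C:\Users\a\64.exe",
     "path": r"C:\ProgramData\update.exe"},
    {"type": "process_create", "parent_image": r"C:\Users\a\64.exe",
     "image": r"C:\ProgramData\update.exe", "cmdline": "update.exe"},
    {"type": "registry_set", "value": "ServiceDll",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Sample\Parameters",
     "data": r"C:\Windows\System32\sample.dll"},
    {"type": "service_install", "name": "Sample",
     "image_path": r"%SystemRoot%\System32\svchost.exe -k netsvcs"},
    {"type": "image_load", "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\sample.dll"},
    {"type": "registry_query", "value": "Nation",
     "key": r"HKCU\Control Panel\International\Geo"},
    {"type": "process_create", "parent_image": r"C:\Users\a\64.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c del "C:\Users\a\64.exe"'},
]

SYSTEM32 = "c:\\windows\\system32\\"
# <...>\Services\<name>\Parameters is where svchost-hosted services keep ServiceDll.
SERVICE_PARAMS = re.compile(r"\\services\\[^\\]+\\parameters$", re.I)
SELF_DELETE = re.compile(r"\b(del|erase)\b", re.I)


def _of_type(events, kind):
    return [e for e in events if e["type"] == kind]


def dropped_files(events):
    """Lower-cased paths the sample wrote to disk (candidate dropped payloads)."""
    return {e["path"].lower() for e in _of_type(events, "file_create")}


def match_signatures(events):
    """Map each report signature that events can show to the evidence for it."""
    dropped = dropped_files(events)
    hits = {}

    # Executes dropped EXE: a process whose image is a file the sample wrote.
    run = [e["image"] for e in _of_type(events, "process_create")
           if e["image"].lower() in dropped]
    if run:
        hits["Executes dropped EXE"] = run

    # Sets DLL path for service in the registry: ServiceDll written under a
    # service's Parameters key; svchost.exe loads that DLL when the service starts.
    dll = [e["data"] for e in _of_type(events, "registry_set")
           if e["value"].lower() == "servicedll" and SERVICE_PARAMS.search(e["key"])]
    if dll:
        hits["Sets DLL path for service in the registry"] = dll

    # Checks computer location settings: assumed to be a read of the configured
    # country code at HKCU\Control Panel\International\Geo\Nation.
    geo = [e["key"] + "\\" + e["value"] for e in _of_type(events, "registry_query")
           if e["key"].lower().endswith("\\international\\geo")
           and e["value"].lower() == "nation"]
    if geo:
        hits["Checks computer location settings"] = geo

    # Deletes itself: a child command that deletes its parent's own image path.
    gone = [e["cmdline"] for e in _of_type(events, "process_create")
            if SELF_DELETE.search(e["cmdline"])
            and e["parent_image"].lower() in e["cmdline"].lower()]
    if gone:
        hits["Deletes itself"] = gone

    # Loads dropped DLL: an image load of a file the sample wrote.
    loads = [e["loaded"] for e in _of_type(events, "image_load")
             if e["loaded"].lower() in dropped]
    if loads:
        hits["Loads dropped DLL"] = loads

    # Creates a Windows Service: any service install during the run.
    svcs = [e["name"] for e in _of_type(events, "service_install")]
    if svcs:
        hits["Creates a Windows Service"] = svcs

    # Drops file in System32 directory.
    sys32 = [e["path"] for e in _of_type(events, "file_create")
             if e["path"].lower().startswith(SYSTEM32)]
    if sys32:
        hits["Drops file in System32 directory"] = sys32

    return hits


def matched_names(events):
    """Sorted signature names, for a quick comparison against the report."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

Only seven of the eight signatures can be inferred from behavioural events; "Gh0st RAT payload" is a static family match on the binary and is deliberately not modelled here. The ServiceDll check is the one worth keeping in a real hunt: a service whose ServiceDll points at a freshly written file in System32, loaded by svchost.exe, is the persistence pattern the report's three service-related signatures describe together.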