General
Target: x86.exe
Size: 32KB
Sample: 220626-g1vr8sbfh3
MD5: 8c30350ae08b2ef4f5235d47aceb10ff
SHA1: f03b5a4bc64d4d165246e81f3137211199738baf
SHA256: ffd5fde0ea63a8503e55f3e9b00c83b2ea3db07e41f9ca08c4e5fb0335c2644b
SHA512: cc6bc8b801d555c8df198bc2780e1804f4c6517de1d718691597746d27268acfe4d6d72bd2b0de225178f786ec25296198e815a44d7ec6ee52aa4a86d2f21ed4
Static task: static1
Behavioral task: behavioral1
Sample: x86.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: x86.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Score: 10/10
- Gh0st RAT payload
- Executes dropped EXE
- Sets DLL path for service in the registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Creates a Windows Service
- Drops file in System32 directory