General
Target: TG_setup-x64.7z
Size: 35.3MB
Sample: 220703-bl91qabdhq
MD5: 1e6923d66132e9506b6f11eebf07077b
SHA1: 92c196b7addc4bc4ab65bc6f555f70e69dee3420
SHA256: b39a17feeb9ba7a73b458b792532bb90009d64af4ffcf4f8636846f7832503d5
SHA512: b26d2369a0a6d4b5ca301656edabf71d3b9cefd15215d7f9519403cc3aff5a0a05e63e57a717b84c623c397f332504a359de09a9a54b998bfd4274d190b5bc2b
Static task: static1
Behavioral task: behavioral1
Sample: TG_setup-x64.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: TG_setup-x64.exe
Size: 36.1MB
MD5: 7b751af2c64f68ed29dc6a89b90985b5
SHA1: f51be698468764370c3d37611c1f5c90da8f5639
SHA256: d71c5b15777a6f0ac68eef46da3bc976f5727f287e5ed8873b32e628c4f07a13
SHA512: cc9b1debacf8f87a27759ad1478b19ad4fe54a9e7b53e91c76f16d8dd42576cffa63c965c471876f093897136c197c84ab0b4bf5c061d8f865a2a788e9af924f
- Gh0st RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext