General
-
Target
ghost.exe
-
Size
78KB
-
Sample
220704-fmwlyaggf5
-
MD5
d7d0564f6660199dfa918a5cfbffe490
-
SHA1
726988b123d3ede065c515707d4172408517510b
-
SHA256
0f98cc9005f90608a75dbbc44900d421a0f36bfed48f491fce45902ba138e988
-
SHA512
e755dec73cdc0bae337e677a4c8e129f57bfffec6bbe8f731e73e0d4c68bdb10eb1bdfbe9fdd8e0edfac594963a8bc8ece5e5da3d8482e33b79081995e6fd35e
Static task
static1
Behavioral task
behavioral1
Sample
ghost.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
ghost.exe
-
Size
78KB
-
MD5
d7d0564f6660199dfa918a5cfbffe490
-
SHA1
726988b123d3ede065c515707d4172408517510b
-
SHA256
0f98cc9005f90608a75dbbc44900d421a0f36bfed48f491fce45902ba138e988
-
SHA512
e755dec73cdc0bae337e677a4c8e129f57bfffec6bbe8f731e73e0d4c68bdb10eb1bdfbe9fdd8e0edfac594963a8bc8ece5e5da3d8482e33b79081995e6fd35e
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-