General

Target: f38ceb5bccd2de5ccf73d79ec5711d40.exe
Size: 2.1MB
Sample: 220707-fztywadeer
MD5: f38ceb5bccd2de5ccf73d79ec5711d40
SHA1: 72eb623006fad037f57831ebe2a554c3823105d9
SHA256: f73282bb29d6711a116656bf12a55c2e7df5eb9a95376b6d1d087309fc37bb14
SHA512: 199be4590729211be3b144a789ba4455fdc4e23604b36f2a4989bb75a763718abcd058e075236040a8ed51158f7783c2f99f77bbbfd9796426deb3902fae851d
Static task: static1
Behavioral task: behavioral1
Sample: f38ceb5bccd2de5ccf73d79ec5711d40.exe
Resource: win7-20220414-en
Malware Config

Targets

Target: f38ceb5bccd2de5ccf73d79ec5711d40.exe (2.1MB; hashes as listed under General)

- Gh0st RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-analysis technique.
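The "Gh0st RAT payload" hit is a static match on the family, so the network-side check a responder usually wants is a framing parser for the classic Gh0st C2 protocol. The block below is an added example, not code from the report or the sandbox. It implements the classic framing (ASCII magic `Gh0st`, little-endian uint32 total frame length including the 13-byte header, little-endian uint32 decompressed length, then a zlib body) and treats both length fields as untrusted. The magic is a parameter because variants change it, and the sample stream is constructed here; nothing in it was taken from the analysed binary.

```python
"""Framing parser for classic Gh0st RAT C2 traffic (added example)."""
import struct
import zlib

MAGIC = b"Gh0st"
HEADER = struct.Struct("<5sII")  # magic, total_len (incl. header), plain_len


def build_frame(body: bytes, magic: bytes = MAGIC) -> bytes:
    """Build one frame the way the classic client/server code does."""
    comp = zlib.compress(body)
    return HEADER.pack(magic, HEADER.size + len(comp), len(body)) + comp


def parse_frame(buf: bytes, magic: bytes = MAGIC):
    """Return (body, rest); raise ValueError on bad framing.

    Both length fields come off the wire, so neither is trusted: total_len is
    bounded by the buffer, and decompression is capped at plain_len + 1 so a
    lying header cannot turn into a decompression bomb.
    """
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    got_magic, total_len, plain_len = HEADER.unpack_from(buf)
    if got_magic != magic:
        raise ValueError("bad magic")
    if total_len < HEADER.size or total_len > len(buf):
        raise ValueError("total length outside buffer")
    d = zlib.decompressobj()
    try:
        body = d.decompress(buf[HEADER.size:total_len], plain_len + 1)
    except zlib.error as e:
        raise ValueError(f"zlib: {e}") from None
    if len(body) != plain_len or not d.eof:
        raise ValueError("decompressed length does not match header")
    return body, buf[total_len:]


def split_stream(buf: bytes, magic: bytes = MAGIC):
    """Split a TCP payload into frame bodies; stop at the first malformed one."""
    frames = []
    while buf:
        try:
            body, buf = parse_frame(buf, magic)
        except ValueError:
            break
        frames.append(body)
    return frames


def looks_like_gh0st(buf: bytes, magic: bytes = MAGIC) -> bool:
    """IDS-style yes/no: at least one well-formed frame at the start of buf."""
    return bool(split_stream(buf, magic))


# Constructed test vector, not captured traffic from this sample.
SAMPLE_BODIES = [b"constructed login record", b"constructed heartbeat"]
SAMPLE_STREAM = b"".join(build_frame(b) for b in SAMPLE_BODIES)

if __name__ == "__main__":
    print(looks_like_gh0st(SAMPLE_STREAM), split_stream(SAMPLE_STREAM))
```

A plain magic-byte match is enough for a first-pass IDS rule, but the length consistency check is what separates Gh0st from unrelated traffic that happens to contain the five bytes, and the capped decompression is what keeps the parser itself from being the weak point when you point it at hostile pcaps.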
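The five behavioral signatures above are all derivable from an API trace, and two of them ("Executes dropped EXE", "Loads dropped DLL") are stateful: a file only counts as dropped if the same trace wrote it earlier. The block below is an added example that replays a trace against those signatures; it is not the sandbox's own detection code. The trace format (one dict per call with `pid`, `api` and `args`) and every path in it are constructed here. The registry key it treats as the "country code" lookup (HKCU\Control Panel\International\Geo) and the API names in each set are assumptions about how the sandbox's signatures are keyed, not something the report states.

```python
"""Replay a constructed sandbox API trace against this report's signatures."""
import re

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
# Assumption: geofence lookups read the GeoID under this key.
GEO_KEY_RE = re.compile(r"control panel\\international\\geo", re.I)
ROOT_RE = re.compile(r"^([A-Za-z]):\\?$")  # "D:" or "D:\" only

WRITE_APIS = {"NtWriteFile", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "NtCreateUserProcess"}
LOAD_APIS = {"LdrLoadDll", "LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}
DRIVE_APIS = {"GetDriveTypeW", "GetDriveTypeA", "GetVolumeInformationW",
              "FindFirstFileW", "CreateFileW"}


def run_signatures(trace):
    """Return {signature name: [evidence, ...]} for the calls in trace."""
    hits = {}
    written = set()  # lower-cased paths this trace has written

    def hit(name, detail):
        hits.setdefault(name, []).append(detail)

    for call in trace:
        api, a = call["api"], call.get("args", {})
        path = a.get("path", "")
        if api in WRITE_APIS and path:
            written.add(path.lower())
        elif (api == "NtSetInformationThread"
              and a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger",
                f"pid {call['pid']}")
        elif api.startswith("RegQueryValueEx") and GEO_KEY_RE.search(a.get("key", "")):
            hit("Checks computer location settings",
                a["key"] + "\\" + a.get("value", ""))
        elif api in DRIVE_APIS:
            m = ROOT_RE.match(path)
            if m and m.group(1).upper() != "C":
                hit("Enumerates connected drives", path)
        elif api in EXEC_APIS and path.lower() in written:
            hit("Executes dropped EXE", path)
        elif api in LOAD_APIS and path.lower() in written:
            hit("Loads dropped DLL", path)
    return hits


# Constructed trace; paths and PIDs are illustrative, not from the sample.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_TRACE = [
    {"pid": 1234, "api": "NtSetInformationThread",
     "args": {"handle": -2, "info_class": 0x11}},
    {"pid": 1234, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1234, "api": "GetDriveTypeW", "args": {"path": "C:\\"}},
    {"pid": 1234, "api": "GetDriveTypeW", "args": {"path": "D:\\"}},
    {"pid": 1234, "api": "NtWriteFile", "args": {"path": TMP + r"\dropped.exe"}},
    {"pid": 1234, "api": "NtWriteFile", "args": {"path": TMP + r"\dropped.dll"}},
    {"pid": 1234, "api": "CreateProcessW", "args": {"path": TMP + r"\dropped.exe"}},
    {"pid": 1236, "api": "LdrLoadDll", "args": {"path": TMP + r"\dropped.dll"}},
    # A system binary launched without being written first is not "dropped".
    {"pid": 1236, "api": "CreateProcessW", "args": {"path": r"C:\Windows\System32\cmd.exe"}},
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The ordering of checks matters: writes are recorded before anything else so a drop-then-execute pair in the same trace is caught, while `cmd.exe` in the last record correctly produces no hit because nothing wrote it. Real traces carry more noise (handles instead of paths, relative paths, short names), so a production version resolves paths before comparing them.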