General
-
Target
525f07cac9cd19a40421c40402d9c98c70ea1914fd2682b740134540fa290693
-
Size
32KB
-
Sample
220717-dqp78aeehr
-
MD5
47e19906435f64d9bcc0c4d9bbab97f3
-
SHA1
c96104b2998bef1e6cd27b71c9409290d11c1909
-
SHA256
525f07cac9cd19a40421c40402d9c98c70ea1914fd2682b740134540fa290693
-
SHA512
271317936b48c3bf05c808bb40e5976b398c7cd3f0a4b8643df853a10175332071ab9f983bbf4ab5795b5de6b7bd8e5826d612fc46cf2a756c03ef38f845e219
Behavioral task
behavioral1
Sample
525f07cac9cd19a40421c40402d9c98c70ea1914fd2682b740134540fa290693.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
525f07cac9cd19a40421c40402d9c98c70ea1914fd2682b740134540fa290693.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Score
10/10
-
Gh0st RAT payload
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Creates a Windows Service
-
Drops file in System32 directory
-