General
-
Target
tmp
-
Size
1.3MB
-
Sample
220812-p3rgladdal
-
MD5
46de82693e684cc16820fc4d41a96444
-
SHA1
35c287a3184e7a687e4cff9f792a96583dacb0fe
-
SHA256
5a6211c06b54cad0b668568a941f9d903fc68c41125d388b5ab1bfb189920add
-
SHA512
7d3ef9bf980347e5d4126ed84da8154a15f4dfd324c9838fbad5a8198cf2bd75b8b415f94422b4b00e5bda0ab223fd805b244c7185f5535efc089b4835a0876e
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220718-en
Malware Config
Targets
-
Target
tmp
-
Gh0st RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-