General
- Target: 438b53cc3fba2ff517feb57cd7b3e54e7c6f30561f1c0359f0cff9d40f870102
- Size: 375KB
- Sample: 220812-vgwgbahhh9
- MD5: 6268ecec8e51376dedbc09b0492cd625
- SHA1: a5cab20edbc80b6da25f5a9949490b9f42ccd492
- SHA256: 438b53cc3fba2ff517feb57cd7b3e54e7c6f30561f1c0359f0cff9d40f870102
- SHA512: bf5bcf6d2c105d5b3ff920f14bee2ab73ed76457c0ff9265952947d65d8481794eb216311e5769f4e68c1ba1b66cf2391a91bfccb2c5a624116974d1b5de5c57
Static task
static1
Malware Config
Targets
- Target: 438b53cc3fba2ff517feb57cd7b3e54e7c6f30561f1c0359f0cff9d40f870102
- Gh0st RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory