General
- Target: Tele-CN汉化.msi
- Size: 49.4MB
- Sample: 220813-jgj8hahgg6
- MD5: 158f0c8142dd01e983f1797a6264362e
- SHA1: 42c8e368334d75c6c6deeac9dac8f8cc0f9c812c
- SHA256: 785e9b07fc8ed60165bccab77cd09e1a7991ce1c54c6afb58a9d4d37b76e69e0
- SHA512: 7990f8e421be357b9e6adc50731b4c2b0b952718809a8765b1572979c6abc5dd38c1d77533afd74ddba44c19cc743e201498e73915687353a7567f6ead62c394
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Tele-CN汉化.msi
  - Resource: win7-20220812-en
Malware Config
Targets
- Gh0st RAT payload
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext