General
Target: Server.exe
Size: 396KB
Sample: 220930-3zkrjagben
MD5: 5efd6f7577970a139e6c496353a4d440
SHA1: 9eb248739c9ee37463dc7894556dbab953e830d6
SHA256: 3cb2fd26e550c2210a94d899a48ecd53216457e9c33f4a623bb3bb63263062a8
SHA512: d46d560854e594a7426075b482d39b728d8ad02907ada85fa24acf63903e5ed012d975698cba975d3247174c6be7f7686014a66d5f8df326eeef54997cb20761
SSDEEP: 12288:sb5DbPowllDRf9Ib2JONfUcri1RcQP2a+:s9Dbg6lV9C2JOBUIc12a+
Static task: static1
Behavioral task: behavioral1
Sample: Server.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: Server.exe
Gh0st RAT payload
Executes dropped EXE
Deletes itself
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory