General

Target: 4f5a8b7ca30c757f4cfcbd338d79dd06ebb6db62451845d7b53f38c54ad7da7a.zip
Size: 13.3MB
Sample: 221007-hs3csabgg4
MD5: 3e95afd415aabdc9c735047a554c1f31
SHA1: cfbef977db196813258ab8bc6fd4749e2a3b0e3c
SHA256: 55f23b3a54b6b43338997ad5554f046e205042fd00a81a8e04f9bd6a8dcc8c07
SHA512: 0ee464c36c353f1d073c8bbc5558f248e113a5118382e04f1d1c73b8c18925da65b5610be3b2fe5492960c4e0a500553a999775579b69276efcc0a40b2db54d9
SSDEEP: 393216:kDYAFFQGYpDH1pFli+5GTOdaHH/1Kn1U/uhThb:l2FQGYV1BlGTOdaNKnfhTh

Note that the archive is named after the SHA256 of the .msi it contains (listed under Targets below), so the archive's own SHA256 (55f23b3a...) differs from its filename; match indicators against the hashes of the inner .msi, not the wrapper.
Static task: static1
Behavioral task: behavioral1
  Sample: 4f5a8b7ca30c757f4cfcbd338d79dd06ebb6db62451845d7b53f38c54ad7da7a.msi
  Resource: win7-20220901-en
Malware Config

Targets

Target: 4f5a8b7ca30c757f4cfcbd338d79dd06ebb6db62451845d7b53f38c54ad7da7a.msi
Size: 13.7MB
MD5: afb73daab97a1a8fb156ed34715a01ca
SHA1: ecb0ea164d1d1ceea4a0fb0d06f61345f4a65ac3
SHA256: 4f5a8b7ca30c757f4cfcbd338d79dd06ebb6db62451845d7b53f38c54ad7da7a
SHA512: 35dec58a6525f91f6edb2cd9ef3e53f76cbee700ac7e489cda85a443835d210cbef4d369eb3084cb4ad8f5a06a281ea35908249ff6a4f566623c99d7c94487e9
SSDEEP: 393216:w3Bp4yJDyaxkvEIeg/sczcezXEbpFS+zYeOPuet:WBy0Gax2fbDlzEbpFfzYeO

Signatures
- Gh0st RAT payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
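As an added example (not part of the Tria.ge report, and not the sandbox's own signature logic), the Python below maps Sysmon-style host telemetry onto the same behaviour names listed above, so a responder can check whether a host shows the pattern this report describes. The event schema (event/image/key/path/cmdline fields) and every path, registry key and process name in the constructed trace are assumptions for illustration; none of them is an indicator taken from the analysed sample. "Gh0st RAT payload" and "Downloads MZ/PE file" are deliberately left out, because they need payload or network content rather than registry, file and process events.

```python
"""Telemetry-to-signature matcher for the behaviours in the report above.

Added example, not code from the Tria.ge report. The event schema and all
paths, keys and process names below are constructed; nothing here is an
indicator from the analysed sample.
"""
import re

# Registry paths are matched without the hive/Software prefix so that both
# HKCU/HKLM and the WOW6432Node views are covered (assumed layout).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
DRIVERS_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\?$", re.I)
NETSH_FW = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)


def match_signatures(events):
    """Return the ordered, de-duplicated behaviour names the trace triggers.

    Drop/execute/load correlation is stateful: a binary only counts as
    "dropped" if this trace created it, so launching a pre-existing system
    binary does not fire "Executes dropped EXE".
    """
    hits = []
    dropped = set()  # lower-cased paths written to disk during the trace

    def fire(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate":
            path = ev["path"]
            dropped.add(path.lower())
            if DRIVERS_DIR.search(path):
                fire("Drops file in Drivers directory")
            if SYSTEM32_DIR.search(path):
                # drivers\ lives under System32, so a driver drop fires both
                # rules, matching the two separate lines in the report.
                fire("Drops file in System32 directory")
        elif kind == "FileRead":
            m = DRIVE_ROOT.match(ev["path"])
            if m and m.group(1).upper() != "C":
                fire("Enumerates connected drives")
        elif kind == "RegistrySet":
            if RUN_KEY.search(ev["key"]):
                fire("Adds Run key to start application")
            if FIREWALL_KEY.search(ev["key"]):
                fire("Modifies Windows Firewall")
        elif kind in ("RegistryQuery", "RegistryOpen"):
            if UNINSTALL_KEY.search(ev["key"]):
                fire("Checks installed software on the system")
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                fire("Executes dropped EXE")
            if NETSH_FW.search(ev.get("cmdline", "")):
                fire("Modifies Windows Firewall")
        elif kind == "ImageLoad":
            p = ev["path"].lower()
            if p in dropped and p.endswith(".dll"):
                fire("Loads dropped DLL")
    return hits


# Constructed trace (hypothetical names; not from the sample) in the order
# an MSI-delivered implant might produce it.
INSTALLER = r"C:\Users\user\AppData\Local\Temp\setup.exe"
SAMPLE_EVENTS = [
    {"event": "RegistryQuery", "image": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName"},
    {"event": "FileRead", "image": INSTALLER, "path": "D:\\"},
    {"event": "FileCreate", "image": INSTALLER, "path": r"C:\Windows\System32\drivers\example.sys"},
    {"event": "FileCreate", "image": INSTALLER, "path": r"C:\Windows\System32\example_svc.exe"},
    {"event": "FileCreate", "image": INSTALLER, "path": r"C:\Windows\System32\example_helper.dll"},
    {"event": "RegistrySet", "image": INSTALLER,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleSvc"},
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\example_svc.exe",
     "cmdline": r"C:\Windows\System32\example_svc.exe"},
    {"event": "ImageLoad", "image": r"C:\Windows\System32\example_svc.exe",
     "path": r"C:\Windows\System32\example_helper.dll"},
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="Example" dir=in action=allow'},
    # Control: a pre-existing system binary must not count as a dropped EXE.
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c echo done"},
]


def demo():
    """Run the matcher over the constructed trace."""
    return match_signatures(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name in demo():
        print(name)
```

The matcher is intentionally order-aware: "Executes dropped EXE" and "Loads dropped DLL" only fire for binaries the trace itself wrote, which is the distinction that separates an installer launching its own payload from a legitimate installer invoking cmd.exe.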