General
Target: 31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
Size: 32KB
Sample: 221012-r2gxwafghp
MD5: b1a76512bd2449210a38aad628f5e1a3
SHA1: e2d5c4629742a37579eba17c722fd8177ea4a410
SHA256: 31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
SHA512: 24f6d10f7110e6b4855e6410384bdca6b37fe47b98c5a4001faccb7b8817dd961b06dc4eac1ead4989782413aff942f1d4adb2b5f286a310cd9bfe355a5eb46b
SSDEEP: 192:60hg42Nzd2GQ/0jqEtJ2KLNGEt2hoynrLEgH9e2tnwRmd8MFA93M3pkR:60CvNwRtONGThlNde2tnwwd5ASc
Static task: static1
Behavioral task: behavioral1
Sample: 31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: 31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399 (32KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Gh0st RAT payload
- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- An obfuscated cmd.exe command line is typically used to evade detection.
- Suspicious use of SetThreadContext