General
Target: c709b9cd6eb4bf4fafe017cb64eba2fbcd1c74d8159531faca38af0617624d62
Size: 1.6MB
Sample: 221110-1gtklsgcer
MD5: 631910bc9f749e6deb466a7732e96424
SHA1: eae8cba96da0c66ce0e145d0d93efa2ae46ea08c
SHA256: c709b9cd6eb4bf4fafe017cb64eba2fbcd1c74d8159531faca38af0617624d62
SHA512: 2965b3b52b17b67ea81ea1f784d0a45f394a4d300d7308bd5855b76672d99b9c13fdb6400ba4b6777f628150c6c4c96a668b191c9b8ce7d41a95604c1db58b4b
SSDEEP: 24576:yAMvlk4plaBmq4lUEWAt6JDX8yClGe5Ali8cQv:WOOlQmR9mDsyClGeqlcQv
Static task: static1
Behavioral task: behavioral1
Sample: c709b9cd6eb4bf4fafe017cb64eba2fbcd1c74d8159531faca38af0617624d62.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: c709b9cd6eb4bf4fafe017cb64eba2fbcd1c74d8159531faca38af0617624d62
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-