General
- Target: 8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c
- Size: 3.4MB
- Sample: 221129-x3hhpaca71
- MD5: 15eba7bd2980d8ff343148fab91e642f
- SHA1: 9cd47a4945464bf9c0113b89c35ca0953eb1e1c5
- SHA256: 8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c
- SHA512: 7e516d77041899d21c4af1431d1805a238199852589dc494963349e9d7078174d8b9df992022f011f7ba74dd40cd9dd07d210054561a3e54a518361bdc926eac
- SSDEEP: 49152:B2Ydv3ZO/jwLHBLRnUvOtStpYD9qV3aS6doH224GS8EhviL2uy8PBw/TMAvjlNBo:EuO/jK0wfD9qsvqjS8by8PEjVGokUk
- Static task: static1
- Behavioral task: behavioral1
- Sample: 8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: 8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c
- Gh0st RAT payload
- Executes dropped EXE
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2