General
- Target: bbc6e1ef59b38a38b2b8adf4fc0dc0a25a8370a03b293681423eb169d5aa5742
- Size: 235KB
- Sample: 221203-g3gy6abf56
- MD5: 32e398d8dc621da81aa91be2f2f42df4
- SHA1: 37c7b1f046c880c556b939e2a136a296f9753b83
- SHA256: bbc6e1ef59b38a38b2b8adf4fc0dc0a25a8370a03b293681423eb169d5aa5742
- SHA512: 2474192a51fc367e70f9cbe1b9ab63fd4161d771236902cb595891777d886187f06270272c514ece54edd634c6da584f4235c60b9f1bff8c7aabde63e27a1d87
- SSDEEP: 6144:zphUyNq8ibIsUeIuiFFXYBmGFXfyHH+8kUBS:zvUyNq8OqeIuiemIyn+8o
Static task
- static1
Behavioral task
- behavioral1: Sample bbc6e1ef59b38a38b2b8adf4fc0dc0a25a8370a03b293681423eb169d5aa5742.exe, Resource win7-20220812-en
Behavioral task
- behavioral2: Sample bbc6e1ef59b38a38b2b8adf4fc0dc0a25a8370a03b293681423eb169d5aa5742.exe, Resource win10v2004-20220812-en
Malware Config
Targets
- Target: bbc6e1ef59b38a38b2b8adf4fc0dc0a25a8370a03b293681423eb169d5aa5742 (size and hashes identical to the General section)
Score: 10/10
- Gh0st RAT payload
- Executes dropped EXE
- Sets DLL path for service in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory