General
-
Target
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c
-
Size
524KB
-
Sample
221203-hnbz2agg4v
-
MD5
339d322f96ffae239fcfda935c332f91
-
SHA1
36b1809655156659a52edeadf665c72c6ba071f1
-
SHA256
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c
-
SHA512
b942464f9d06855198f323b9891c8704ff145c94f1cba0ac92dccaa19946b1a21ca1a5f37c1b73b482f52a737cf9b822d08286cddc0b41ebd8105e676bbd7cb8
-
SSDEEP
6144:7Rm973fQ6Rf/3sNYGl73IBtWcp+a18MWExFrMkuWnOMdWFmjD1z93bW:741Tf/AYGpSp+aKMWExFriWL8FM3q
Static task
static1
Behavioral task
behavioral1
Sample
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c
-
Size
524KB
-
MD5
339d322f96ffae239fcfda935c332f91
-
SHA1
36b1809655156659a52edeadf665c72c6ba071f1
-
SHA256
b5ddea176f84e1230e048754fa7222b01f272c7fc36cd8a370808eb53e88a59c
-
SHA512
b942464f9d06855198f323b9891c8704ff145c94f1cba0ac92dccaa19946b1a21ca1a5f37c1b73b482f52a737cf9b822d08286cddc0b41ebd8105e676bbd7cb8
-
SSDEEP
6144:7Rm973fQ6Rf/3sNYGl73IBtWcp+a18MWExFrMkuWnOMdWFmjD1z93bW:741Tf/AYGpSp+aKMWExFriWL8FM3q
Score10/10-
Gh0st RAT payload
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-