General
Target: server.exe
Size: 395KB
Sample: 221222-eahc4sha5y
MD5: 056469f81c6e775fb3e113619abe6d8b
SHA1: 3f0cdd612cfd789a8fdbd50ce88bbfc7d16f9ad8
SHA256: ba5e87af520f87264acec28991b25eab44774cabcd2a4f00b6d14802ab79c985
SHA512: b69e76cde4c91dabe2ba4e73bc25d3c7b68da2344f9426b0870c6ff819c113aca3d435748422a8ec903b1dcc5f00b77d717ab2e364323e68f7b0ed09c6b6f0d5
SSDEEP: 6144:ybDm2BzacakA3z5htBoLpoE76PALttbOuWNGsbmZiP1NxqORXxgiMlt:y3DzU3ft679tUuWNGsbmgdmyGn
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: server.exe
- Gh0st RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.