General
Target: 6655c46137af5c739e95a0f356efda3a471336d03cff18d8bc2edfd063d76a3d
Size: 104KB
Sample: 230110-bgrctabh3t
MD5: c55df3ccf34d0c3d4d900d8a8f6a88c0
SHA1: 50859414fa92a09c2df73151d913269f1bfe01f8
SHA256: 6655c46137af5c739e95a0f356efda3a471336d03cff18d8bc2edfd063d76a3d
SHA512: 9f1fa0d525d8b6075fd79f3dc0eb0d91b017394f3cc74aec5c3fbc2d709521223eeff904ab1c11cdb9fbbb8db43d808fe73de2202b6c019326dae21c349908d5
SSDEEP: 1536:4H3ccHYvlcaFUdw9Teh/+2wX9yB5aW2SXZH:H9caJBeJGw5fLpH
Static task: static1
Behavioral task: behavioral1
Sample: 6655c46137af5c739e95a0f356efda3a471336d03cff18d8bc2edfd063d76a3d.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: 6655c46137af5c739e95a0f356efda3a471336d03cff18d8bc2edfd063d76a3d
- Gh0st RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.