General
-
Target
f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
-
Size
1.4MB
-
Sample
230217-x8nlwsge4v
-
MD5
61e2f8d8a84260df190cecbba7d8adf9
-
SHA1
a15a6b98c25a0fc7ac36b151e4d9c9fd3ad0c53e
-
SHA256
f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
-
SHA512
b3cb9806890ae2295eb2c76ecc6822eb92bb139fe4abc72332c52f64c79a9b443eaf92efa6ef92a71fde75e97a1ae06842426169c6208ad423ce3c0ccec10611
-
SSDEEP
24576:wsTjQ4jMaQ5H2xNDsDgzxPd91st8gb4SrQFlmf5xdJNqczGxpLh6g165jBjIc7Ad:wsX0aQJ2x1sDgnktNbNr19DqGMldk97O
Static task
static1
Behavioral task
behavioral1
Sample
f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
f084c4e45f3b297c45407dc43f27d4b5a52d6827b402c086642f2febf1ab9a7f
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-