General
-
Target
e1d8ce7793d94f1a0791c4288348817dc435f94ac236ce92be0d1a67c70a62d9
-
Size
1.4MB
-
Sample
230221-ytxrpagc98
-
MD5
a8b1179c3af4242ae7851af3c0b5a7e0
-
SHA1
47e6b744cac461856ff99666ea30e70698300dfd
-
SHA256
e1d8ce7793d94f1a0791c4288348817dc435f94ac236ce92be0d1a67c70a62d9
-
SHA512
79f1645340a644b19faac83f6f36b31a2047deea0ad0447562cb16691746cbd7618e0730bce2cebe76b97c89e67781b892644373c8a5b5ffbe5eae1846f42790
-
SSDEEP
24576:csTjQ46LaQ5H2xNDsDgzxPd91st8gb4SrQFlmf5xdJNqczGxpLh6g165jBjIc7Ad:csXuaQJ2x1sDgnktNbNr19DqGMldk97O
Static task
static1
Behavioral task
behavioral1
Sample
e1d8ce7793d94f1a0791c4288348817dc435f94ac236ce92be0d1a67c70a62d9.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
e1d8ce7793d94f1a0791c4288348817dc435f94ac236ce92be0d1a67c70a62d9
-
Gh0st RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-