General
-
Target
infected.zip
-
Size
11.4MB
-
Sample
230226-15l6faaf55
-
MD5
20378da4066af3d5b0ac9f0d6879e752
-
SHA1
b6486b33e22c02ee93d32200f2f4f4dbb2dcc08d
-
SHA256
c7d5c2d7df032671544a0974fb292e2131b541469ef1daf9c103c1a534a8ee60
-
SHA512
9cc56049ab71c2df9f41f9faa5b30848d33721d1911bca2190ed2a0fae4e54ff959568362a0f0769f985660cab7035816e8cebc30ae35997238b07c671510a31
-
SSDEEP
196608:W/yaLXILj6fFsb16m9kGRii2BSe2qE3LsGqjRGPnosvg93p9N0MY/6FGD2TDY:W/fSj0ebv2G2MJqE389GPnPvgb0Mz4Z
Behavioral task
behavioral1
Sample
infected.zip
Resource
win10-20230220-ja
Behavioral task
behavioral2
Sample
infected.zip
Resource
win7-20230220-ja
Behavioral task
behavioral3
Sample
infected.zip
Resource
win10v2004-20230220-ja
Malware Config
Targets
-
-
Target
infected.zip
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-