General
Target: tmp
Size: 161KB
Sample: 230325-rgmbvsfb41
MD5: f35b17916d8f7aaffa2e4c2db4597015
SHA1: 2e4fbfa5bcd58c62be0df7cbea92b65264993743
SHA256: 52091de74be387b3409cb595306fef4ef8129c0cd4e4867659140218495c7aa4
SHA512: f48ef1aa21805e8bca91b6ee87f338c8388d2c8dff6422955704a9c352877f8ad665c139fc3febd6f8c2d64a44ce9d6153e35c8d46b59b4a505ac381b3ad1a5e
SSDEEP: 3072:6yIpG2/iDbYeZqFU+D+mlVP93L22cYl71tmAY1n68g1UphQi5UJs:rIposeKUoP93LeI71smuhQXJs
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
gh0strat
154.9.24.101
Targets
Target: tmp
Score: 10/10
- Gh0st RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.