General
-
Target
image_2023-03-25_15-34-35.png.virus.pif
-
Size
1.5MB
-
Sample
230326-gte37sff78
-
MD5
304f1fe84d21240f53265556f3e7aec1
-
SHA1
ba0b6b5b2b95316e64e9ff0707d05aba07f614c5
-
SHA256
445823ec2a16daeee6bab7018eb8e940d196d32e1e658745dabe925ccb9e2529
-
SHA512
d63606f4c2c0aac50ad8bd9bc096262f425bfb929dd4358156ec1bc497c80d0251c9595f77781b1dfd4b3c0c971bdbea0a190512db896e499a1a04974682a620
-
SSDEEP
24576:fLM4cWyTOI+rDsjmWs4V6NB+HMSu+O8MYehJsjLvYikHHJkSj+Z9X6DciYamKgFY:fLM4c3TOtrDsKivuwMhJKvrmHJcpSPYU
Static task
static1
Behavioral task
behavioral1
Sample
image_2023-03-25_15-34-35.png.virus.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
image_2023-03-25_15-34-35.png.virus.pif
-
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-