General
Target: tmp
Size: 114KB
Sample: 230326-s9p4wsha99
MD5: f1ec2cf6256a7c8543586065a07da47a
SHA1: 4b09ea264e9762305f30668fe2ce7fc7999adc2f
SHA256: 8ad50e2cd339bb8033e62937f73308441bdbe8acf61ad9edd1489eb35f3a2895
SHA512: faaa3483ebb0f02d1247788ec6cd41e83ecb3529ffb419b39d63b6068e1db388ffcce7557972f7349481462ffb3e4aba0a5991490163d4d84f84684dc5e3d78a
SSDEEP: 3072:yyETbqC8r+DfEnMIXRyGcCHwuWWDPD6QbF6sRa:DEyifMXfcCQ+DOpC
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
Malware Config
Extracted
gh0strat
81.68.216.37
Targets
Gh0st RAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory