General
-
Target
e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
-
Size
4.6MB
-
Sample
230330-c475hscd2t
-
MD5
096ccc345415b89352ded241afc64e2b
-
SHA1
ef66e15f03195b3fd58308a97ba4380b4e3587da
-
SHA256
e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
-
SHA512
5c68a1989d3866cc97f1b3d9a9e68f25b41a6f857f4b3b0f8388983a3b858be476d66903a4fcd2dc3960ef486888c999288a302ac50bb4d7c8ee116414b28477
-
SSDEEP
98304:4xG6Ww1+meGUOowomFbZy8VctmCmavSB6lcR4z+oStmawATRU:4JcrGUOow1k8CpO6lc6K3cYT
Static task
static1
Behavioral task
behavioral1
Sample
e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
e49469e7ea6bc4a838867c6d070f888dcafd2b4f5cda90f84aee03a47538ed05
-
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-