General
Target: 11db6ff7c90f9fa839c507f8d5974b39fd0ba8866ec0e83a3e1b78db74592d64.exe
Size: 1.2MB
Sample: 230405-m6nh1aga3s
MD5: c33712f1c6ddfcb8e566bcdd9f2eefc7
SHA1: 6d8208b47599d34f8fddca13496fbfd891e2f535
SHA256: 11db6ff7c90f9fa839c507f8d5974b39fd0ba8866ec0e83a3e1b78db74592d64
SHA512: 319ed15bf31740e1dd11fac7a195342ab7372c26ce39b7c5afdec7bb76eae5df58812b0da9b79934d2512b9239abc15c6d83cb4860025593cf74151b4695ae26
SSDEEP: 24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJti5:WIwgMEuy+inDfp3/XoCw57XYBwK5
Behavioral task: behavioral1
Sample: 11db6ff7c90f9fa839c507f8d5974b39fd0ba8866ec0e83a3e1b78db74592d64.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: 11db6ff7c90f9fa839c507f8d5974b39fd0ba8866ec0e83a3e1b78db74592d64.exe
- Gh0st RAT payload
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory