General
-
Target
tmp
-
Size
720KB
-
Sample
230408-mnp9wach82
-
MD5
360a77d93eabf70e75735e3e42378a4d
-
SHA1
10b32d41b442352be8f4e8bc852dced9ebfdc6c8
-
SHA256
0cd5ba847ee4e7966429e8f2e746bea07b0812db06bd02d262b1b0046e5a32d6
-
SHA512
56f08de22e1c012660c2f839c527f37235d34f7be6af5cf0944ee11ab1eb96fdb2882cb3040b119ca31e71c9d63390747982432c5fa4781b2b61e41072efd4cc
-
SSDEEP
12288:AEj95N5zSmai5m7cRIOTrOtjpwdoy3CgByyy/0zjwveiE86rc0SaSEm7J:tx5Non7cRIUOzyPIyycjw2iE8v0SavEJ
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
45.207.11.105
Targets
-
-
Target
tmp
-
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-