General
-
Target
tmp
-
Size
724KB
-
Sample
230408-mq923ach96
-
MD5
33e07ed6aa0f8ee87b39351518e24030
-
SHA1
82fc27c5319d2b7221e9bc634b6270664e48e23b
-
SHA256
a2fc5086e8669ff1f8caeaa2ed690f57fb0110a901a6029b334fac7d2fd7ae73
-
SHA512
ef9c4d5dc48e341e86e658446f50aed76e415fa32631339b59c9cb6ad61d968ec02208fe5bc4952206302fd4112ad34df5206f5196976b68539d709bac800bec
-
SSDEEP
12288:Z61KA2BJTnGeSMI/5TfyMFsTU4G8epkF9HcLAuncNurwVBaa4ycMBgtp5simQeDX:EKAEJTn6jlyU4GJpkF2lck6aa4yPYYQJ
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
124.220.35.63
Targets
-
-
Target
tmp
-
Size
724KB
-
MD5
33e07ed6aa0f8ee87b39351518e24030
-
SHA1
82fc27c5319d2b7221e9bc634b6270664e48e23b
-
SHA256
a2fc5086e8669ff1f8caeaa2ed690f57fb0110a901a6029b334fac7d2fd7ae73
-
SHA512
ef9c4d5dc48e341e86e658446f50aed76e415fa32631339b59c9cb6ad61d968ec02208fe5bc4952206302fd4112ad34df5206f5196976b68539d709bac800bec
-
SSDEEP
12288:Z61KA2BJTnGeSMI/5TfyMFsTU4G8epkF9HcLAuncNurwVBaa4ycMBgtp5simQeDX:EKAEJTn6jlyU4GJpkF2lck6aa4yPYYQJ
-
Gh0st RAT payload
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-