General
Target: tmp
Size: 724KB
Sample: 230408-mtsxyseh7y
MD5: aafb88179338a12e6587bf530f01af8b
SHA1: 5a3e0f8db8384c6cad9d0db26f9c3b72d11ad9d1
SHA256: fc45a2906721098cabe88828b7c7607bc55f8813e7f0cfaa10e0e2d8cb8b0277
SHA512: 30a6d739f8138cb6b08b7d91a0b68f385214060e8b84426d35f5a2e8231c7f26ea072b39554ed808fb90b650733d660ab948a4fecd409c365b06719ce6c4cb88
SSDEEP: 12288:rUnIcs/mNZzwQEgyn3f3env0RlpztCUO9W2Pwq0UNglWZcKe6yRDHF/i506O7JBF:rUb0mPzwRfuv0RlRtCP/0U2MSK/OM2PF
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en

Malware Config
Extracted: gh0strat
103.195.150.229
Targets
Target: tmp (size and hashes identical to the General section above)
- Gh0st RAT payload
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger