General
-
Target
tmp
-
Size
720KB
-
Sample
230408-mzl2laeh9z
-
MD5
f708f02cb496196eb5bfe4b49473cef4
-
SHA1
d24f9529f080589f3d840aed084e97a504cd6293
-
SHA256
eb669e7365cbad282e4d7dec3bc60da80c60c7f3c4355efd00a32da4fecd9558
-
SHA512
76e00f2860cb2bd369bbf2ad2d10abf210212afe08c2a830a10b86f4fb0ca6003460847de01309dec9cb83b72d2af9cd426a6dfb3d4d4ffd4ee5f00738ffac8d
-
SSDEEP
12288:1hQZd75nad9xA/NgnT0P5VD0o+JAQCo7KUhN1oEegFAg0Q5bO9BdDjBmgb/j6lhE:1yZJ5nioNgn4DdSAnoOONNe8d+dcgb/h
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
38.47.204.22
Targets
-
-
Target
tmp
-
Size
720KB
-
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-