General
-
Target
78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
-
Size
56KB
-
Sample
230507-d6341sbe42
-
MD5
73c3350704ffe9e275668949095bf71f
-
SHA1
cdaa1cd836994e9f918588b5a05717834939e3ce
-
SHA256
78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
-
SHA512
30122cbca0ae696fa4a786b9db6908cb04697673a39f4dbf2a836a371f65eed9b623857f8a49bf56964faa77831423354b91f40994471264bb4938339477c3f7
-
SSDEEP
768:Vu9oX4vbafJP+At7QjEEEfEEEEEEEWEEEEEEEnz0SyCs1Vm89TQfLNfK1tRcjrpJ:w9o4GxPZ7zSps1EJZ8cjrNeooZdJUcA
Static task
static1
Behavioral task
behavioral1
Sample
78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
78d771f27168654e2613cb58e87091399f2688243ab3fbca146c2fb7922adabb
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-