General
- Target: tmp
- Size: 2.7MB
- Sample: 230519-nmg3jsde26
- MD5: 6c99aa5d2bed8e90452d5a6a77c72f65
- SHA1: c0c91c9c4be9285baeeabf0c48c637078ac0c9a1
- SHA256: 822c9d934cb53ca7bf76f899ad40500b4d04d24a6b044be4ed6494564e8e99e0
- SHA512: 2da92dbcb491370f99a253cdd62a5a9e3b905517ab2a31bbad53232d68b8eed946b423fec7dfb24aea878ab0184f9f3838cdeaba3bc65c2f923aad070d1ac1c2
- SSDEEP: 49152:KCwsbCANnKXferL7Vwe/Gg0P+WhdwTGH7sH:dws2ANnKXOaeOgmhdwTSsH
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20230220-en
Malware Config
- Extracted: gh0strat
  159.75.0.162
Targets
- Gh0st RAT payload
- Modifies firewall policy service
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory