General
- Target: 08328899.exe
- Size: 284KB
- Sample: 230531-hdvz6adc95
- MD5: 6a5b8d421e055ede3b2dcbedb9d834d7
- SHA1: 92fc4058baf9a6d33ca3232402c7bd5511000c11
- SHA256: 33a8f5100c1888a055f3ec238ec07e1adb4023b66f17469f1f7eb5679fecf889
- SHA512: f5966b5d3a6697698e1fe5db9736101168430e6a597d94ea7426d2946fc2b533fd9e657543404cb2de777c1c8268b4d2e78000bd4ab5895715c4c6eccf566b5e
- SSDEEP: 6144:G9hIq9bEO1QIbgTApqQCsGQZt+3Y1tMmbWsccC6g6v66666ES66666E6kD66666m:cIquhLMpqXA+3Y12wWncC6g6v66666E+
Static task: static1
Behavioral task: behavioral1
- Sample: 08328899.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: 08328899.exe
- Gh0st RAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory