General
-
Target
cd125f42a87398f24569fb65fd7cf6c1e272196ea782e13bc207e33aaa2dbf1c
-
Size
591KB
-
Sample
230608-x6bvbahg42
-
MD5
32e9699100ac0200046884edb0aea816
-
SHA1
0005633286db9638b353b16d35cce77ac0529d07
-
SHA256
cd125f42a87398f24569fb65fd7cf6c1e272196ea782e13bc207e33aaa2dbf1c
-
SHA512
aed0d037f4aaf01610c0cc67a1cd4788492bb7fcbddff7a653b6bcb3ffcb8535bc734cef3c4997e5ca6809b0c44b8c49bf45534ffef78e0d557db3e2d6814c85
-
SSDEEP
12288:Zf4nVTIxh3lkVcPVJle2f4VIgKwzUhg/tnDuJ+oz:ZwnmaVc9JMW4VpKSLtDuJR
Behavioral task
behavioral1
Sample
cd125f42a87398f24569fb65fd7cf6c1e272196ea782e13bc207e33aaa2dbf1c.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
125.77.168.42
Targets
-
-
Target
cd125f42a87398f24569fb65fd7cf6c1e272196ea782e13bc207e33aaa2dbf1c
-
Size
591KB
-
MD5
32e9699100ac0200046884edb0aea816
-
SHA1
0005633286db9638b353b16d35cce77ac0529d07
-
SHA256
cd125f42a87398f24569fb65fd7cf6c1e272196ea782e13bc207e33aaa2dbf1c
-
SHA512
aed0d037f4aaf01610c0cc67a1cd4788492bb7fcbddff7a653b6bcb3ffcb8535bc734cef3c4997e5ca6809b0c44b8c49bf45534ffef78e0d557db3e2d6814c85
-
SSDEEP
12288:Zf4nVTIxh3lkVcPVJle2f4VIgKwzUhg/tnDuJ+oz:ZwnmaVc9JMW4VpKSLtDuJR
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-