General
-
Target
b7b051aa2386491edf22fe4f3efa41015360da7d57784110e9eb4fefcc389a8c
-
Size
579KB
-
Sample
230609-x7lqxadb59
-
MD5
fae10d3f91a9871b3b3379da6c61281e
-
SHA1
38703aac5334eb253f6604a3e0aaf5ed3187c7c6
-
SHA256
b7b051aa2386491edf22fe4f3efa41015360da7d57784110e9eb4fefcc389a8c
-
SHA512
cf2d75c29d8e67227d4b3a2f51e5ab56d5080b0777df09e53d062d2ccafc2c74371fe4576c183d23d18d0a32e4a0961cfb58e14bf380dec6212e5a827bb875b0
-
SSDEEP
12288:zjwRywaO11fKZxRUeTTONFWTeinNFK0VIa9D5hJRqiNYbwPxN:IRzayKZse32DinNki9hfvNYbwPX
Behavioral task
behavioral1
Sample
b7b051aa2386491edf22fe4f3efa41015360da7d57784110e9eb4fefcc389a8c.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
125.77.168.216
Targets
-
-
Target
b7b051aa2386491edf22fe4f3efa41015360da7d57784110e9eb4fefcc389a8c
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-