General
Target: 02381c7510b4e59bc538785db36a8e10a04179911919d3aee2f49c6546d33c43
Size: 580KB
Sample: 230609-yawqaadb74
MD5: 87d748a0ae1ec45b8ace9a2ceb6a3766
SHA1: e7d124c1b12e65d52f72f808731b3f0184a6ce10
SHA256: 02381c7510b4e59bc538785db36a8e10a04179911919d3aee2f49c6546d33c43
SHA512: 02ea5c169f831955fd08769261fc04ab7c20fe7c53d41a1d3044323c6353d6cd41a36a8576688fcff2e540d245adaba7fa70b9180f1027b94fc59d413c5fa5eb
SSDEEP: 12288:I13jViY02vmO1oiRFr2vFrajw5Gc/kqO:QiY0+mOjErC2xcqO
Behavioral task
behavioral1
Sample: 02381c7510b4e59bc538785db36a8e10a04179911919d3aee2f49c6546d33c43.exe
Resource: win7-20230220-en
Malware Config
Extracted
gh0strat
125.77.168.181
Targets
Gh0st RAT payload
Downloads MZ/PE file
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.