General
-
Target
53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
-
Size
1.3MB
-
Sample
230610-y7qkjage31
-
MD5
e0a29b218354601e47ff068d1f7a99a9
-
SHA1
c70c1e7644164f3bb6f9638699a99e4a4ea358ab
-
SHA256
53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
-
SHA512
e147c5f4a871ce3f5fb74d1157bf420beaba3780783386ef0a91679105df1a3b4828aab34b323c5164f02ff4d9e8842b468eb376c7a658c7df8e89b45b3f4c47
-
SSDEEP
24576:TX7Nm3s9nuWSfva9lhN+RTrLg43+jllcPJwv/DWo8SQiI0+2bX5lcNJpTUG6qoz:wc1uRfvan+7gY+jllfDWfSk6fc
Behavioral task
behavioral1
Sample
53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
125.77.168.94
Targets
-
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-