General
-
Target
4b3e07b87319ae9cba488d6dd25932b9e4d7ce499fb4fe643a4f8e2349ccf9c2
-
Size
2.8MB
-
Sample
230613-yb29fsbc88
-
MD5
7d363717ff9d31add3c9763e28a02d6c
-
SHA1
559535de142d7349dbb49675129d0b9c78c74cf0
-
SHA256
4b3e07b87319ae9cba488d6dd25932b9e4d7ce499fb4fe643a4f8e2349ccf9c2
-
SHA512
80da70e9fed003db6e70bdb511a1c53fe14bde61dc2ef916a076cc8064fd5d433349574f2d75d90d03c71ffaa7ca5c7c55d3f8f3282f796dc199c32d86cfe27a
-
SSDEEP
49152:aIPTWN4hEuqgv3BukNbWlZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcn:jPTFEurfBP2g3Yz5J/693k+
Static task
static1
Behavioral task
behavioral1
Sample
4b3e07b87319ae9cba488d6dd25932b9e4d7ce499fb4fe643a4f8e2349ccf9c2.exe
Resource
win7-20230220-en
Malware Config
Extracted
gh0strat
125.77.168.181
Targets
-
-
Target
4b3e07b87319ae9cba488d6dd25932b9e4d7ce499fb4fe643a4f8e2349ccf9c2
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-