General
-
Target
maochilaoshu.exe
-
Size
2.9MB
-
Sample
230620-przc3abh75
-
MD5
0772c75ff821f29e479ddc1da9a87740
-
SHA1
a06b6ed12126982f590893526ae6e3eec56ee4fc
-
SHA256
97c0b79f8421a1b0c3ef8129564ecf8b6ef037bdd432c8e856fd84e5d207edf4
-
SHA512
f0c40bb177c6ec4879840410fd0510bdf3c5d3e6a0de8d8f4ca98c23d0557f41f3e557184637ee9b29821b24927d5cea2951b118c84f5164a65ed3a580631286
-
SSDEEP
49152:WVbFeZNzXNBukNbW1Z6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcQ:ubONzdBPKg3Yz5J/693kb
Static task
static1
Malware Config
Targets
Target
maochilaoshu.exe
Gh0st RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.