General
- Target: maochilaoshu.zip
- Size: 1.4MB
- Sample: 230620-tarzwaeb41
- MD5: 1e91c9334d07c15c2d724311f97d962f
- SHA1: f8089a0b6472d13b9ad54225f9c251d7fc185833
- SHA256: 7ee5450afa7aae8af9ed319028de5a080dc554ee52b9eabf14117c61850b89b6
- SHA512: 38164610e39907aff642bbadf116a77ef8fee683dc8e4167643f76f70f9ffb719877f44e85beb4c77f8273ec36914dde1c7af54f77665df514fd4a4836324934
- SSDEEP: 24576:tKtwMFzsKE6q7/sTmojLboPzOu1l3AS/34/jYrBk0E+xgBT6MgjfAJ9MR81w4IJL:0+Mk6liojnoPzltd/eYrBr5ggjfApIwE
Static task
static1
Malware Config
Targets
- Target: maochilaoshu.exe
- Size: 2.9MB
- MD5: 0772c75ff821f29e479ddc1da9a87740
- SHA1: a06b6ed12126982f590893526ae6e3eec56ee4fc
- SHA256: 97c0b79f8421a1b0c3ef8129564ecf8b6ef037bdd432c8e856fd84e5d207edf4
- SHA512: f0c40bb177c6ec4879840410fd0510bdf3c5d3e6a0de8d8f4ca98c23d0557f41f3e557184637ee9b29821b24927d5cea2951b118c84f5164a65ed3a580631286
- SSDEEP: 49152:WVbFeZNzXNBukNbW1Z6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcQ:ubONzdBPKg3Yz5J/693kb
- Gh0st RAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.