General
-
Target
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
Size
2.5MB
-
Sample
230804-k8hpesbd9s
-
MD5
38553a823bde3824691e7c3bf08309de
-
SHA1
7ba0ce2e08d992ed2dbfabab83861e0da5b813df
-
SHA256
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
SHA512
4f647eeeb597b8c6cfc318c9a5c2900b8b1ac9011677439abf62efa218b820eef9ea2cd98f8628c557e2c0d7929640d5f05ea261cc591297ac2ca666590c3f5e
-
SSDEEP
49152:cm0uO5/cdiapdKHBo56c6om1UngfRYpFcNfWalP4NKx3emJqVskRDZ5cNusET:X9O5sCaP6onl0NfWalP623XqV5Dk/ET
Static task
static1
Behavioral task
behavioral1
Sample
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f.exe
Resource
win7-20230712-en
Malware Config
Targets
-
-
Target
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
Size
2.5MB
-
MD5
38553a823bde3824691e7c3bf08309de
-
SHA1
7ba0ce2e08d992ed2dbfabab83861e0da5b813df
-
SHA256
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
SHA512
4f647eeeb597b8c6cfc318c9a5c2900b8b1ac9011677439abf62efa218b820eef9ea2cd98f8628c557e2c0d7929640d5f05ea261cc591297ac2ca666590c3f5e
-
SSDEEP
49152:cm0uO5/cdiapdKHBo56c6om1UngfRYpFcNfWalP4NKx3emJqVskRDZ5cNusET:X9O5sCaP6onl0NfWalP623XqV5Dk/ET
-
Gh0st RAT payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-