General
Target: 64c1d43d1d0418960df299b27eecdb492be53f11f37a6cbbc9e68d539476466b
Size: 1.7MB
Sample: 230813-ynzdbsea82
MD5: f5d902156d5783e57ec846b99a6aa5e8
SHA1: 48359807bd69fc6402130938b4233a6c9883dd5c
SHA256: 64c1d43d1d0418960df299b27eecdb492be53f11f37a6cbbc9e68d539476466b
SHA512: 29e25d91f74840522eb2549e0548f6278383b49fe16453dcfdcf2ab592ec07758b5e7ddd304c6947ff42887b54cf3a17a09bceadb8a9fa242c2f8f21f8c2cbf9
SSDEEP: 24576:Jb2UYAkfXTDf2llPdlvyKqk59M58eI7t8MOjb9gOBf7B1d2b56L55yT+JjT31/RQ:g7H2PPzrM5XaeBgOFwQlsT+Jf1hRA3
Static task: static1
Behavioral task: behavioral1
Sample: 64c1d43d1d0418960df299b27eecdb492be53f11f37a6cbbc9e68d539476466b.exe
Resource: win7-20230712-en
Malware Config
Targets
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-