General
-
Target
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
Size
1.7MB
-
Sample
230816-cx4hraee27
-
MD5
bfc91a8472ec3c6d7d25f86aab67ec2d
-
SHA1
9ed053e0ceee4afab8dd783d335561d0581d5f3b
-
SHA256
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
SHA512
cb9583012c661b2aacede74a5063165fdb5a934137b368ff3ddf17ccdd230ef070bea128a7303a3198c10009b1eeb2e83c75529924e1141861f40dc2795c8562
-
SSDEEP
49152:YPJGmKqmJsJ64ArytAJ+N5KvCtAuevnu5l1zW3:YP4m7mROPEvC+uevuVW3
Static task
static1
Behavioral task
behavioral1
Sample
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92.exe
Resource
win7-20230712-en
Malware Config
Targets
-
Gh0st RAT payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-