General
Target
dc49a5a5a4c7a7f6ee21f7dac1c12b4f4010f8d9a7a84a101656b5a3fc16234c
Size
1.6MB
Sample
230828-j1jfbabb2s
MD5
b73ce676ff2cd54004c2f07722cdaaee
SHA1
f31307dd6232a3e93e4899d5f85a979b9673ba4d
SHA256
dc49a5a5a4c7a7f6ee21f7dac1c12b4f4010f8d9a7a84a101656b5a3fc16234c
SHA512
726c3481a332208529a09c45bda23a68f4d46bb4424b3b4117b70648a7b3d3cf931f1882a0c4aacba337193ca5af57444317a64664e46ef75edde40b00090332
SSDEEP
24576:hZzl4MJIHREqYzuk/CEOBRltT5agt+1seoB+L1EydiRZDVHKdFUMmula1B:hZxPix+TO3+1GBGCydiRZRHkSolar
Static task
static1
Behavioral task
behavioral1
Sample
dc49a5a5a4c7a7f6ee21f7dac1c12b4f4010f8d9a7a84a101656b5a3fc16234c.exe
Resource
win7-20230712-en
Malware Config
Targets
Target
dc49a5a5a4c7a7f6ee21f7dac1c12b4f4010f8d9a7a84a101656b5a3fc16234c
Gh0st RAT payload
Deletes itself
Executes dropped EXE
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; this is a common anti-analysis technique and a useful static and dynamic indicator on its own.
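The file and process signatures above (dropping a file in System32, executing the dropped EXE, self-deletion, reading the roots of non-C: drives) are discrete observations, but on a real endpoint they arrive as a stream of telemetry that has to be correlated. The following Python is an added example of that correlation and is not part of the sandbox report or of the sample; the event schema, the process IDs, the file names (sample.exe, svchost_upd.exe) and the SAMPLE_EVENTS/BENIGN_EVENTS streams are all constructed for illustration.

```python
"""Detection logic for the file/process behaviours listed in the report.

Added example, not part of the sandbox report. The event schema and the
SAMPLE_EVENTS below are constructed for illustration: each event is
(seq, pid, op, path) with op in {"start", "read", "write", "exec", "delete"}.
"start" records a process's own image path, "exec" a child image it launched.
"""
import re

SYSTEM32 = "c:\\windows\\system32\\"
DRIVE_ROOT = re.compile(r"^[a-z]:\\$")

# Constructed telemetry modelled on the report's signatures (not real logs).
SAMPLE_EVENTS = [
    (1, 1000, "start",  "C:\\Users\\user\\Desktop\\sample.exe"),
    (2, 1000, "read",   "C:\\"),
    (3, 1000, "read",   "D:\\"),
    (4, 1000, "read",   "E:\\"),
    (5, 1000, "write",  "C:\\Windows\\System32\\svchost_upd.exe"),
    (6, 1000, "exec",   "C:\\Windows\\System32\\svchost_upd.exe"),
    (7, 1000, "exec",   "C:\\Windows\\System32\\cmd.exe"),
    (8, 1000, "delete", "C:\\Users\\user\\Desktop\\sample.exe"),
]

# Constructed benign control: a process that only touches its own directory and C:\.
BENIGN_EVENTS = [
    (1, 2000, "start", "C:\\Program Files\\App\\app.exe"),
    (2, 2000, "read",  "C:\\"),
    (3, 2000, "write", "C:\\Program Files\\App\\app.log"),
]


def norm(path):
    """Case-fold paths so C:\\Windows and c:\\windows compare equal."""
    return path.lower()


def drops_in_system32(events):
    """'Drops file in System32 directory': any write under System32."""
    return sorted({norm(p) for _, _, op, p in events
                   if op == "write" and norm(p).startswith(SYSTEM32)})


def executes_dropped_exe(events):
    """'Executes dropped EXE': an exec whose image was written earlier in the stream."""
    written, hits = set(), []
    for _, pid, op, p in sorted(events):
        if op == "write" and norm(p).endswith(".exe"):
            written.add(norm(p))
        elif op == "exec" and norm(p) in written:
            hits.append((pid, norm(p)))
    return hits


def deletes_itself(events):
    """'Deletes itself': a started process's image path is later deleted.

    The deleting pid is deliberately not checked: self-deletion is usually
    done through a child cmd.exe, so the delete comes from another pid.
    """
    image, hits = {}, []
    for _, pid, op, p in sorted(events):
        if op == "start":
            image[pid] = norm(p)
        elif op == "delete":
            hits.extend((owner, img) for owner, img in image.items()
                        if img == norm(p))
    return hits


def enumerates_drives(events):
    """'Enumerates connected drives': reads of drive roots other than C:\\."""
    roots = {norm(p) for _, _, op, p in events
             if op == "read" and DRIVE_ROOT.match(norm(p))}
    return sorted(roots - {"c:\\"})


def evaluate(events):
    """Return the names of the report's signatures that fire on this stream."""
    checks = [
        ("Deletes itself", deletes_itself),
        ("Executes dropped EXE", executes_dropped_exe),
        ("Enumerates connected drives", enumerates_drives),
        ("Drops file in System32 directory", drops_in_system32),
    ]
    return [name for name, check in checks if check(events)]


if __name__ == "__main__":
    print("sample:", evaluate(SAMPLE_EVENTS))
    print("benign:", evaluate(BENIGN_EVENTS))
```

The checks are written as pure functions over an ordered event list so they can be pointed at Sysmon or EDR exports once the records are mapped onto the same (seq, pid, op, path) shape; the write-then-exec ordering in executes_dropped_exe and the start-then-delete ordering in deletes_itself are what separate these behaviours from ordinary installer activity.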