General
Target: 9ca649213daddff82ff8e7c3248b8e0b96c661fe23edafb36713ddf8ed925216
Size: 800KB
Sample: 230830-ykybvshg51
MD5: ea261eecc11a592e98a53c2717dbbf59
SHA1: 3667877479cccf32170b7b011dbf66e8d93187e9
SHA256: 9ca649213daddff82ff8e7c3248b8e0b96c661fe23edafb36713ddf8ed925216
SHA512: c73afacdcf957f41f6f7664ea1c49e39dc65f3212c11489d2ba3b4ac09f771e177c46e3b6005c61b51f095c0ccf610e3a763b84314d4e7e8d03c6eea8ea8bb52
SSDEEP: 24576:L/CSI8xm3JjNkH4ZalBRCPbqv0XslzMzX2W1mVEEuCqSlOy+lt:LZm5jNkH7RCLXTruMNSct
Static task: static1
Behavioral task: behavioral1
Sample: 9ca649213daddff82ff8e7c3248b8e0b96c661fe23edafb36713ddf8ed925216.exe
Resource: win7-20230712-en
Malware Config
Targets
Target: 9ca649213daddff82ff8e7c3248b8e0b96c661fe23edafb36713ddf8ed925216
- Gh0st RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext