General
Target: 64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666
Size: 2.5MB
Sample: 230830-zsnytsac5v
MD5: 8288f7cd48fcd1ac3cda93adedc583ae
SHA1: d7b556b90f0dc40e114eef38de64ece8bbd4ab4a
SHA256: 64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666
SHA512: 74e0a901e598ccb9836cf978a081c4ac176344fab6e5a074fae35b3b336eed6c5eac2df8865a3e7f2d9d22365fea07b08220f781b64bbfb3b89f3e9a85ba8030
SSDEEP: 49152:8gAPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBa:8grmq5trnG9N96LJxi
Static task: static1
Behavioral task: behavioral1
Sample: 64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666.exe
Resource: win7-20230824-en
Malware Config
Targets
Gh0st RAT payload
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.