General
-
Target
f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9
-
Size
788KB
-
Sample
230831-ypcwqaab26
-
MD5
08fa2e5382b6cf931b3966efdd177a4f
-
SHA1
28c8218b6ce35fcc53cc1526999a6f805be93c44
-
SHA256
f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9
-
SHA512
530d3d059e64bec09188846d5826567a53fd89b0d3be55e58bea85fad24e38b21cf41ad120ad52a8654cf7420ab54587ac1981dda16aa212919e467e06d92ece
-
SSDEEP
6144:+Wf1iZ+ciJWB5uJJsxfbJWB5uJJsxfYGdijZ:+WfkZGJWBYJJsxDJWBYJJsxw
Static task
static1
Behavioral task
behavioral1
Sample
f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9.exe
Resource
win7-20230712-en
Malware Config
Targets
-
-
Target
f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-