General
-
Target
fa0c0f8b78d82e551307f82653476b528019d9b6a244b4926cffedaa7fdebb20
-
Size
1.4MB
-
Sample
231013-qh8e2sbh83
-
MD5
a290036850c46087bef2e9397f679765
-
SHA1
a819e551ee45e25583505389c3b63da7dc340cb2
-
SHA256
fa0c0f8b78d82e551307f82653476b528019d9b6a244b4926cffedaa7fdebb20
-
SHA512
d61c2af16f6d8acac4c591d5cda1c50f3f925e2079c1697ef8da608483f9958474fd7e47826789bc8ecd9acb0a6c0b06be1ac0a082d7264db00496b4316c2572
-
SSDEEP
24576:kOQpwBCp2TjRg3SMlowWhI0PIpxRVInc6TEtAjLprdCiuU0Oqcdli:kJOjx6owWhI0PIpLKH/jVr9h+
Behavioral task
behavioral1
Sample
fa0c0f8b78d82e551307f82653476b528019d9b6a244b4926cffedaa7fdebb20.exe
Resource
win7-20230831-en
Malware Config
Extracted
gh0strat
7003.aadaa1.cc
Targets
-
-
Target
fa0c0f8b78d82e551307f82653476b528019d9b6a244b4926cffedaa7fdebb20
-
Gh0st RAT payload
-
Downloads MZ/PE file
-
Modifies RDP port number used by Windows
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-