General
-
Target
668e7df7c1d1bb5ec520f495c57338e4888a29307c8f4e79e6594609b6bdecba
-
Size
5.6MB
-
Sample
231224-hlrmpshhgk
-
MD5
0a33a1bfd046c651c8c91edb3d7b972c
-
SHA1
fe93b5f6242be4e5b89c5e2dcd46640b456cd71d
-
SHA256
668e7df7c1d1bb5ec520f495c57338e4888a29307c8f4e79e6594609b6bdecba
-
SHA512
5be38c53d2471c19c15aa1212839cd8bafcf42796977ea7f27daebf9a840af0dcfcdc20b244bf85902d6365d1eed52f8efff0c04cd389bf1a570b6d007d49ad6
-
SSDEEP
98304:GBGw4JTYdg7szAofgIlGE4JmUwMDeQo9vCRxNwimxt2Nv6GAsF7EyZ1pjZBZYZZ0:GBGw4JmqcxgiGE4JiMqF6DChU6AvfjBf
Static task
static1
Behavioral task
behavioral1
Sample
668e7df7c1d1bb5ec520f495c57338e4888a29307c8f4e79e6594609b6bdecba.exe
Resource
win7-20231129-en
Malware Config
Targets
-
Gh0st RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-