General
Target: 4915e13ff1642028c458dd576c44142f.exe
Size: 170KB
Sample: 240107-yaastacfdp
MD5: 4915e13ff1642028c458dd576c44142f
SHA1: f731af1b5acdcc376cab976eeeaa196646fdbcb9
SHA256: ba18b133270ec5ac4f95db3657754e69a7c210e38d031d8839d6b6def5785a73
SHA512: cabf6cfc707633afcb023e09f34945ace4a0f369ed968e9e20d5b66a1a63a54b69a4b4c75ef00a2124365ec8af2d92033d70450023d9d89de04b5f0d7ed4134a
SSDEEP: 3072:ALk395hYXJag6e5gEZDQQghyGl7b20cHPi+0XLTU8xlEl:AQq+eassQg0i2nq+0bTFlQ
Static task: static1
Behavioral task: behavioral1
Sample: 4915e13ff1642028c458dd576c44142f.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 4915e13ff1642028c458dd576c44142f.exe
Resource: win10v2004-20231222-en
Malware Config
Targets
Target: 4915e13ff1642028c458dd576c44142f.exe
Score: 10/10
Gh0st RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application