1492af08664cefb260aa416dd9fe5104b40daf57727e86e0b826d38d15957e21 | Triage

Submit
Reports

Overview

overview

Static

static

1

Ghast_Setu....2.exe

windows7-x64

Ghast_Setu....2.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

Ghast_Setup_1.0.0.2.exe
Size

45.8MB
Sample

240328-azr7dshf73
MD5

685d4abf317efb77c54fdaf901ef18d6
SHA1

69b575f521d536b1bc2cb1b17048d11e63023152
SHA256

1492af08664cefb260aa416dd9fe5104b40daf57727e86e0b826d38d15957e21
SHA512

f84fce721da767e0a421f444d2f80bf1005f6713bae93b726c406d2e020005638ad5bacbd120f5a0cbb05d29c2ec6c8f41ec4454dac65cc1085ad03cab841217
SSDEEP

786432:FVRs7Whsj4Y8PLJEYmNG2/VuIdNRsGIOzlxh9LTRmH+8vMYjrkYHoIsNUf:FVRBhdjPLJELNv/t1r/zldl++dYvkYIO

Score

10^/10

google discovery phishing

Static task

static1

Behavioral task

behavioral1

Sample

Ghast_Setup_1.0.0.2.exe

Resource

win7-20240221-en

google discovery phishing

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ghast_Setup_1.0.0.2.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  Ghast_Setup_1.0.0.2.exe
- Size
  
  45.8MB
- MD5
  
  685d4abf317efb77c54fdaf901ef18d6
- SHA1
  
  69b575f521d536b1bc2cb1b17048d11e63023152
- SHA256
  
  1492af08664cefb260aa416dd9fe5104b40daf57727e86e0b826d38d15957e21
- SHA512
  
  f84fce721da767e0a421f444d2f80bf1005f6713bae93b726c406d2e020005638ad5bacbd120f5a0cbb05d29c2ec6c8f41ec4454dac65cc1085ad03cab841217
- SSDEEP
  
  786432:FVRs7Whsj4Y8PLJEYmNG2/VuIdNRsGIOzlxh9LTRmH+8vMYjrkYHoIsNUf:FVRBhdjPLJELNv/t1r/zldl++dYvkYIO
Score

10^/10

google discovery phishing
- Detected google phishing page
  phishing google
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

googlediscoveryphishing

behavioral2

© 2018-2025

Terms | Privacy