General
-
Target
9b595235a36d3bbb75b32a26ff088d7a56f13b0b0ebd055f539feeeb65dc2884
-
Size
1.0MB
-
Sample
240427-mff18shc2w
-
MD5
f99e33bdb0c707baa2ca6368811b9a91
-
SHA1
919aa945cc322422cb96510e1ed9b2cdc379d31b
-
SHA256
9b595235a36d3bbb75b32a26ff088d7a56f13b0b0ebd055f539feeeb65dc2884
-
SHA512
fcd22e70de13a264eb4f818e0e90110f0904fc56bb2693439e01446281b7d8f9df7f3c85b77e311d9dfff13c01049a12501d4a1e614d47bc5797ffd5e0a6ba51
-
SSDEEP
12288:R1ec/eFqGMdsq7qYck6k2yFqR+lIaaiEOqN/L0FgEhBCpJJNn8/MPr4OsnM:be7qGMdtmAN24qR+aaHEx/wFvUPEOs
Static task
static1
Behavioral task
behavioral1
Sample
9b595235a36d3bbb75b32a26ff088d7a56f13b0b0ebd055f539feeeb65dc2884.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9b595235a36d3bbb75b32a26ff088d7a56f13b0b0ebd055f539feeeb65dc2884.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
gh0strat
8.149.141.237
Targets
-
-
Target
9b595235a36d3bbb75b32a26ff088d7a56f13b0b0ebd055f539feeeb65dc2884
-
Score
10/10
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-