General
Target: 0f1fcae5afc3ae80abc3ae408f224dc29194ca054e34025cded8311c20ece953
Size: 4.0MB
Sample: 240523-rw6daaee59
MD5: 423a60edff840e9fe38ec71100707478
SHA1: 8d5432a241847e90a5aa3a2ab99918d56ae2b4b2
SHA256: 0f1fcae5afc3ae80abc3ae408f224dc29194ca054e34025cded8311c20ece953
SHA512: db20925bff79c38b3862a68352ef6af1fdeba17aa533959debc4423da18249d290f8a4361325f6df654bc3c953be396df44909a02e04d4ecdaf07b2ee10bb28f
SSDEEP: 98304:v2SVMD8Lnsmtk2aX3Ob9lG4TLaeOnTPia:/NLfdLzOz
Static task: static1
Behavioral task: behavioral1
  Sample: 0f1fcae5afc3ae80abc3ae408f224dc29194ca054e34025cded8311c20ece953.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0f1fcae5afc3ae80abc3ae408f224dc29194ca054e34025cded8311c20ece953.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 0f1fcae5afc3ae80abc3ae408f224dc29194ca054e34025cded8311c20ece953
Score: 10/10
- Gh0st RAT payload
- Sets DLL path for service in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory