General
Target: 1ca73cd5afdea64c01d33f652c47a9c6c3ee446fd5dd49bd6e8ff96fd89772d4
Size: 12.1MB
Sample: 240524-cww3aaaa3s
MD5: 320a85f96d37a11e753425e694a27307
SHA1: c6c892b3993e384ca6747233bb6722350aa40ad3
SHA256: 1ca73cd5afdea64c01d33f652c47a9c6c3ee446fd5dd49bd6e8ff96fd89772d4
SHA512: 717d072dc382abb00f12461f3e5b666936d6330dd1669df56987d5b73859fbd9b50959951a7f03005457b542cb49baa7fc52b9dbfbd01a39980385186ebcad0d
SSDEEP: 196608:BKXbeO7yL9YE0SCI4rbECIwBbiL4c7NxIYaK+GutOHpDRw0nptlVOmpFEMSesg:S7yhYn/8Ch1vnGutMpDDnpnVVp6fesg
Static task: static1
Behavioral task: behavioral1
Sample: 1ca73cd5afdea64c01d33f652c47a9c6c3ee446fd5dd49bd6e8ff96fd89772d4.exe
Resource: win7-20240221-en
Malware Config
Targets
- Gh0st RAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory