Overview

overview

7

Static

static

3

GhostChecker.zip

windows10-1703-x64

1

GhostCheck...FU.dll

windows10-1703-x64

1

GhostCheck...ev.dll

windows10-1703-x64

1

GhostCheck...PP.dll

windows10-1703-x64

1

GhostCheck...er.exe

windows10-1703-x64

7

Stub.pyc

windows10-1703-x64

3

GhostCheck...nc.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GhostChecker.zip

  • Size

    10.0MB

  • Sample

    240526-tp164acc8w

  • MD5

    4bc9dcf900d29ff5b3f1f50b04cdfcb4

  • SHA1

    152b21921d5f7a663a21c664a53a3b7ee53b3b8c

  • SHA256

    2a3340478791aeeaaf6e64fd877ea41f81975c21e588a24e56eeaa7f8097c8bc

  • SHA512

    d3ba78eba5cce684c80d477d11aee9f23ea0a122b04c99a4bdac9f54df1ad9528d41012d17c591c586b7b0565f80a7555cec27f9f3e43d18321026ecb3f24239

  • SSDEEP

    196608:AY7axwHrFPwzzIwzL/koP8DJNdie0RHxsWDOvh5ojGV8BGFaRtkfpjqHr2lbZjNL:AIrJwzzLzbbMNyRHXq5iGV8B4aRtkfIe

Score
7/10
pyinstallerupx

Malware Config

Targets

    • Target

      GhostChecker.zip

    • Size

      10.0MB

    • MD5

      4bc9dcf900d29ff5b3f1f50b04cdfcb4

    • SHA1

      152b21921d5f7a663a21c664a53a3b7ee53b3b8c

    • SHA256

      2a3340478791aeeaaf6e64fd877ea41f81975c21e588a24e56eeaa7f8097c8bc

    • SHA512

      d3ba78eba5cce684c80d477d11aee9f23ea0a122b04c99a4bdac9f54df1ad9528d41012d17c591c586b7b0565f80a7555cec27f9f3e43d18321026ecb3f24239

    • SSDEEP

      196608:AY7axwHrFPwzzIwzL/koP8DJNdie0RHxsWDOvh5ojGV8BGFaRtkfpjqHr2lbZjNL:AIrJwzzLzbbMNyRHXq5iGV8B4aRtkfIe

    Score
    1/10
    behavioral1

    • Target

      GhostChecker/CaptchaPRIV.EFU.dll

    • Size

      20KB

    • MD5

      cc6a734af16f5571a62a20a7f9e581fd

    • SHA1

      378fdf889a8c7f2dc5efc0117077fcdf4bcab10c

    • SHA256

      e07992346afafa842e5a15ba6692f4db48b92a524bca8cfa50265819045d1828

    • SHA512

      34d335e4e3a482d72955bcfc40d772d58ab90c50fba11fde43371e105c6e3bd0dccd43a0e57d017931aa4a1f60e6afa0adb43a744743913ba620b89cb77e5110

    • SSDEEP

      384:/YU3dJk5BvNfYd2d2SB5aYKvHJP6wmsLDrXLsfVLNZ/NMGJV8qj2eCSkKUbF2xas:/YU3dJkb9dQ0MbvHN2xO

    Score
    1/10
    behavioral2

    • Target

      GhostChecker/Epicgame.API.Uev.dll

    • Size

      57KB

    • MD5

      8f6a5270165600eab4b48125d40ead42

    • SHA1

      77a9e486a708e97214bf7ceb13ec0914793b1301

    • SHA256

      1ff79e8273eba12e725cfb33e369ecf8b1762cdd98b7c961b031c3edc7667e7e

    • SHA512

      90c4322715f387e972aaffc0e3e34088ff0ebccc575dcdcfec3a0863cedd191eb267c3818a5be3077b12bc495dc15bb98579b6918dd029c66fd4047f00bf2c0d

    • SSDEEP

      768:pzHc9MbBHKSiJ8VEa5IJTPAgFnW4unJ+7NYREzHKq3I/tMNsS+GcXxVg66Ksu8A1:iS8BAGoN4S6YRMqGDD/co6Np1

    Score
    1/10
    behavioral3

    • Target

      GhostChecker/GhostChecker.APP.dll

    • Size

      14KB

    • MD5

      4a1dbbd6296c6f6cd1a50689c9c9ef74

    • SHA1

      a6efda8366af64f3899a6f75183b64b8f380d928

    • SHA256

      1abc1f427e02c7868d219586d6c45751ede13b45d2eb7c40b520997b22ab625e

    • SHA512

      c5daa667a77e0db06a04c98fa6d4eb6c44af7d40d1bb49cda137587ba6b6580847e6fb0f8a50985d53bc5dcaf225eb6fbf7820b7a283acd8ff3f28ab9ff0c435

    • SSDEEP

      192:JrGh5l5BkWeztswE58tRGb1p5VbFh+Xq4Gz2pf3MohUPdcl2EAY0rGWu9aSW:lsw5iZRb4Xp/MohUPde2EAoWu9aSW

    Score
    1/10
    behavioral4

    • Target

      GhostChecker/GhostChecker.exe

    • Size

      10.1MB

    • MD5

      6cb17633c9d17110d914a6b27a62f205

    • SHA1

      483f688ed17cd4c2d12d1576abdbb39afa2f2b88

    • SHA256

      13a63acc6d7784f13d6a9c595ef81ca4714ba3e88145955d99714d4b83002c01

    • SHA512

      7a7e957565a2e142ca9d4d79c22f85ae51c1cf56c92ac5af9bd9532cf087bf196395775f86f79ee2bf09c398097ffe6c15886b2aa8819e6588868cf7673305e2

    • SSDEEP

      196608:1hSNsJWxezBSwLRXgWPmpzdhqieRHvUWvo3hxjno/w3iFCxHQbRNSEtX7FRP:KYB5L1V8daRHdgxro/w3uCxHQbqCf

    Score
    7/10
    upx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5

    • Target

      Stub.pyc

    • Size

      796KB

    • MD5

      10f9e5779b6d450a7c81ccc02dba6d57

    • SHA1

      df54fcf35bfb5357a818cd502be2464296bff6a8

    • SHA256

      5aa648765ac0bc2c70e20ef06636b4d42d6e87f312066846cd6415bc0bce4e20

    • SHA512

      1e1c59b8542fd14143975b2eb903cf6ddaddb4763c564d707aca236bc069b1dd302c494c67fa6e90ae00a1057a0ba06431e07af1969a5acdfeaf26c9fd9ef451

    • SSDEEP

      24576:IF+8e6ie4+aPmlkWGkGfEiIyCLyAp+A4p:IfJeIkV1Szkp

    Score
    3/10
    behavioral6

    • Target

      GhostChecker/GhostSync.dll

    • Size

      8KB

    • MD5

      d7618a0211be255e408c9bc48eecc6e0

    • SHA1

      22ee19ac36dfb6eaf24319d1d3bbc331049d9e49

    • SHA256

      04010bfea1a18bf36ea3656d1c85d3ac74a132de405378577ad926cfc408110b

    • SHA512

      841f95b93b653ed56d34d01814ad3e5897ad65d237df813de1020d2d28a3c808c39802e3becccc4194e9616f330e7092dded11f95284956ea189fa300d0b0de9

    • SSDEEP

      192:nahUjNStmh5m12gwgebGi6qjrOpM6ETW0ryHWlYaIW:nahUjNmmhp6vWlYaIW

    Score
    1/10
    behavioral7

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks