General
Target: a01e216ae8c659d32c22d165009d85c0daee2a9895983736369f8f0aef2f358b
Size: 3.0MB
Sample: 240529-derlxage98
MD5: f8d5d84914ea87463cb8efbf49a74f55
SHA1: 9613d02bc94648af72b9b69be6250479164a48a2
SHA256: a01e216ae8c659d32c22d165009d85c0daee2a9895983736369f8f0aef2f358b
SHA512: b43efbf1d722d51ff1cc78086b3a91817ab2d2c0adcb8f37b01aabc679c8310207c890b7e36fd58096de7465cc3ef44fe0140495c129f6ada946bdc50fb27662
SSDEEP: 49152:6QZAdVyVT9n/Gg0P+WhoCsTKyoZ/Pjb6Kt0rbJEuSLz5xXA:jGdVyVT9nOgmh/sTKlZ6K+mLzA
Static task: static1
Behavioral task: behavioral1
Sample: a01e216ae8c659d32c22d165009d85c0daee2a9895983736369f8f0aef2f358b.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: a01e216ae8c659d32c22d165009d85c0daee2a9895983736369f8f0aef2f358b
Signatures:
- Gh0st RAT payload
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory