General
-
Target
94eb81082f081690654c8ab9186876762639302c5dd70b8785b4a18c9aed1c82
-
Size
2.3MB
-
Sample
240529-g39deaea34
-
MD5
a3c1eb89784badec8693d1bff034ae59
-
SHA1
3537da6d4093360d2391f286178f7f3554da03ef
-
SHA256
94eb81082f081690654c8ab9186876762639302c5dd70b8785b4a18c9aed1c82
-
SHA512
0765d885978aa47448dcb3b495bd54a3fab3aeae8b7d351f7eb3ee9da0ab2db377f390d59b8c78494d8657c782a0510251b23cd1eb12c31fd2e5dae1bb4e46e2
-
SSDEEP
49152:k09XJt4HIN2H2tFvduySLILWqOlSCsfKOz:JZJt4HINy2LkLop0SCsfz
Static task
static1
Behavioral task
behavioral1
Sample
94eb81082f081690654c8ab9186876762639302c5dd70b8785b4a18c9aed1c82.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
94eb81082f081690654c8ab9186876762639302c5dd70b8785b4a18c9aed1c82
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Sets service image path in registry
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory