General
-
Target
csrss.exe
-
Size
300.4MB
-
Sample
240604-1vwxwsdf68
-
MD5
3b8cc0be536ce3af083852089f3f668f
-
SHA1
a858dc0ee6fc8f6026a186c637331fded22e56a7
-
SHA256
d2c04698e0f237d4d66fc4e6be0c4b8f6c8fd156f237352e0d30f4b72474b714
-
SHA512
27f758f026b1cb4e475d1e1fc32abccd753eb375e07bfc4c54287ecf84792a7997ee6b90d372260fe8ab52e8813e82023e48f03440cce3a7a06a05e3e30b2815
-
SSDEEP
12288:kmRuu+l5X3XK709xYnN862P98FJn5vQM:ko+l5X3XK03YN8HkwM
Static task
static1
Malware Config
Targets
-
Target
csrss.exe
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-