General
-
Target
16e1161c1d4af3aa8a645d1dbae0ada29fd4a7df7208b3f0656b44a7d2bbc3b8.exe
-
Size
375KB
-
Sample
240615-klygcsthpd
-
MD5
bcb3fe24e81f8e6989bc8005838433a0
-
SHA1
a42a7fa621d2c3ea1aab471a4cfb2d71d505f35e
-
SHA256
16e1161c1d4af3aa8a645d1dbae0ada29fd4a7df7208b3f0656b44a7d2bbc3b8
-
SHA512
8deda0cdc42f9f420633feb67bf4b6a13b469d0dfdb336ec91fc3d59c4ab694cce8ae8ac61f98c3d1f59bbe676872f9663be7fbba459ec97c16eee1eae1dd298
-
SSDEEP
6144:ORjbUHOvGUNIE/FDjBazqjWgR+MSEtvlZTONpRGX5B4PY3mA0O0Gp8Nhn5Jod:ejbh9tDjiuT+xEtl0u4w3mAZyUd
Static task
static1
Behavioral task
behavioral1
Sample
16e1161c1d4af3aa8a645d1dbae0ada29fd4a7df7208b3f0656b44a7d2bbc3b8.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
16e1161c1d4af3aa8a645d1dbae0ada29fd4a7df7208b3f0656b44a7d2bbc3b8.exe
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-