General
Target: 019f79bad911018716678def3bc289b1.7z
Size: 529KB
Sample: 240618-rsefdsxelc
MD5: 019f79bad911018716678def3bc289b1
SHA1: 709536cba1206f133724f522944d4c3f098a577a
SHA256: 24f5ebdad00d567029760a3e364b2702d1402fe4dc6c7e0801824b02bd239c22
SHA512: 355f1610e2ab20e86546ee748f2a596467ccf72610b3df258aa384a4da918a7794c43462449183ef1faa17d9193e8305c24c520253189d2d4ba54cfb32bdd289
SSDEEP: 6144:k4GBTCX0LSFaEPsBjvraT/o/8qF3HfYakJNJC3EPDkv0niR6KeLsn/Rt3OLnIfS/:xdFBuEg0y3HApQ3EbkE/bwGzWzUlq7w
Behavioral task: behavioral1
Sample: Phija.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: Phija.exe
Size: 539KB
MD5: bd50ba38259a5c7a2a376ea20c16d895
SHA1: a23cc9f184aa87b8ca1e5fe1589b192d303fe0dd
SHA256: 37d67a422a2c3eac276ec75c6b4600aba1028e244b01a3c9b1e22fbace9dfcad
SHA512: 30ebadd2be0c2095e7221c18a58b0799830e321a94bc5e102f48842c331c0b5743565759a5c2e1c635a7fb5efb03e10b2eaf3da4b9a41dd0bfce16a454d16c66
SSDEEP: 12288:whymnwJFPNdgBAEHApqePJN1AmLM7uVq9sSYN:wUmwrl2Ao7sJNlM7ymsSYN
Signatures
- Gh0st RAT payload
- Drops file in Drivers directory
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
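The behavioural signatures above are names the sandbox attaches to patterns in the sample's file, registry and process activity. The script below is an added example, not the sandbox's own signature engine and not code from the report: it replays a small, constructed stream of host events (modelled loosely on the fields Sysmon or an EDR would give you) through approximations of those rules so you can see what each name implies and what a detection on your own telemetry would have to correlate. The event vocabulary (`file_create`, `reg_set`, `reg_query`, `file_read`, `proc_create`, `image_load`, `file_delete`), the dropped-file names and the assumption that the "country code" lookup lands on `HKCU\Control Panel\International\Geo\Nation` are all this example's own; the "Gh0st RAT payload" hit is a static content match and is deliberately out of scope here.

```python
"""Approximate the report's behavioural signatures over host telemetry.

Added example, not part of the original report. Events are constructed;
rule details (registry paths, directories) are Windows defaults and are
assumptions about where the sandbox observed this activity.
"""
import re
from collections import defaultdict

# Constructed telemetry for a hypothetical run of the sample, in the order
# the sandbox would see it. 'pid' is the acting process; for proc_create the
# new process is 'child_pid'/'child_image'. Names are placeholders.
SAMPLE_EVENTS = [
    {"kind": "reg_query", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "file_read", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "target": "D:\\"},
    {"kind": "file_read", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "target": "E:\\"},
    {"kind": "file_create", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "target": r"C:\Windows\System32\drivers\example_dropped.sys"},
    {"kind": "file_create", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "target": r"C:\ProgramData\example_dropped.exe"},
    {"kind": "file_create", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "target": r"C:\ProgramData\example_dropped.dll"},
    {"kind": "reg_set", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath",
     "value": r"C:\ProgramData\example_dropped.exe"},
    {"kind": "proc_create", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "child_pid": 1001, "child_image": r"C:\ProgramData\example_dropped.exe",
     "cmdline": r'"C:\ProgramData\example_dropped.exe"'},
    {"kind": "image_load", "pid": 1001, "image": r"C:\ProgramData\example_dropped.exe",
     "target": r"C:\ProgramData\example_dropped.dll"},
    {"kind": "proc_create", "pid": 1000, "image": r"C:\Users\user\Phija.exe",
     "child_pid": 1002, "child_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\user\Phija.exe"'},
]

DRIVERS_DIR = re.compile(r"\\system32\\drivers\\", re.I)
# Any control set, any service name, the ImagePath value itself.
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
# Assumption: the user's location (GeoID) value is what the sandbox means
# by "country code configured in the registry".
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
DEL_VERB = re.compile(r"\bdel\b", re.I)


def evaluate(events):
    """Return {signature name: [evidence, ...]} for the signatures that fire.

    Events must be chronological: 'Executes dropped EXE' and 'Loads dropped
    DLL' only fire for paths created earlier by a monitored process. Paths
    are compared case-insensitively because NTFS is.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths created during the run
    for e in events:
        kind = e["kind"]
        if kind == "file_create":
            dropped.add(e["target"].lower())
            if DRIVERS_DIR.search(e["target"]):
                hits["Drops file in Drivers directory"].append(e["target"])
        elif kind == "reg_set" and SERVICE_IMAGE_PATH.match(e["key"]):
            hits["Sets service image path in registry"].append(
                f'{e["key"]} = {e["value"]}')
        elif kind == "reg_query" and GEO_NATION.search(e["key"]):
            hits["Checks computer location settings"].append(e["key"])
        elif kind == "file_read":
            m = DRIVE_ROOT.match(e["target"])
            if m and m.group(1).upper() != "C":
                hits["Enumerates connected drives"].append(e["target"])
        elif kind == "proc_create":
            child = e["child_image"].lower()
            if child in dropped:
                hits["Executes dropped EXE"].append(e["child_image"])
            # Self-deletion delegated to cmd.exe deleting the parent's own image.
            if (child.endswith("\\cmd.exe") and DEL_VERB.search(e["cmdline"])
                    and e["image"].lower() in e["cmdline"].lower()):
                hits["Deletes itself"].append(e["cmdline"])
        elif kind == "file_delete" and e["target"].lower() == e["image"].lower():
            hits["Deletes itself"].append(e["target"])
        elif kind == "image_load":
            t = e["target"].lower()
            if t in dropped and t.endswith(".dll"):
                hits["Loads dropped DLL"].append(e["target"])
    return dict(hits)


def fired_signatures(events):
    """Sorted list of signature names that fired, for quick comparison."""
    return sorted(evaluate(events))


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

Running it on the constructed events reproduces every behavioural entry in the report except the static "Gh0st RAT payload" match. The ordering dependency is the point worth keeping when you port this to real logs: a service ImagePath write or a process start is only interesting as "dropped" activity if you can tie the path back to a file the monitored tree created first.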