General
-
Target
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f.exe
-
Size
444KB
-
Sample
240619-bfcs2a1amg
-
MD5
39d865aa4171442b417c40479e63a03f
-
SHA1
0da788f33274472b1b2217a31301eddd95c7e77c
-
SHA256
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f
-
SHA512
619e5585a51dd03bddef2a67e7bbce0742266750548004a4c664715d5a217fd9477de22c91218b39a6c5d957ec1f4fb3a6743ebf9ad86814632e55750cd4ca82
-
SSDEEP
12288:MykIP8aYKbeqA1UtLD45VZ3Mc2YpFjW8D:MKP9YbiR45v3Va8
Static task
static1
Behavioral task
behavioral1
Sample
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f.exe
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f.exe
-
Gh0st RAT payload
-
Detects Windows executables referencing non-Windows User-Agents
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-