General
Target: 2e891221af5440aef23af095eade8bfefa86dfc694e4e614ccfc1a31acb0d11d
Size: 3.9MB
Sample: 240623-xgxqgsserr
MD5: 0249b2f7f8c26e0b4a0ece58c9d6eaa7
SHA1: 27aa4bd4c5cf370c7e82dabbdbdbd69be014cc07
SHA256: 2e891221af5440aef23af095eade8bfefa86dfc694e4e614ccfc1a31acb0d11d
SHA512: 3a162c75d9abf25e7cdbc8b5ddc3b746224f0bfe8f1d18b6d9f7be4fd42ddb180d26a0eb82fd0af96eee441297ef5441b3c590e87fe059fd348ec80b114ee43d
SSDEEP: 98304:pGdVyVT9nOgmhaANSMXyN6htR5jWUgFyI2OhkgA:2WT9nO7wANSQygbuP28VA
Static task: static1
Behavioral task: behavioral1
Sample: 2e891221af5440aef23af095eade8bfefa86dfc694e4e614ccfc1a31acb0d11d.exe
Resource: win7-20240221-en
Malware Config
Targets
-
-
Target
2e891221af5440aef23af095eade8bfefa86dfc694e4e614ccfc1a31acb0d11d
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-