General
Target: ec52d5f32e1a1f76878ca024401345a51e0838ac9a57c3c26d7d66dc6f844f6b
Size: 2.2MB
Sample: 240626-gh24laycja
MD5: e4f04fdbd20629d5f1020234fe874f36
SHA1: 9a9bad0e40a50a185be2129db3e882a5b3c306f0
SHA256: ec52d5f32e1a1f76878ca024401345a51e0838ac9a57c3c26d7d66dc6f844f6b
SHA512: d64a7ff94dd95c2ecf0faa98e7239aae4c5fd63bfcf301836783f21600c0d5754d504dec122c4435e47f060d8e7b4d9c491d93940b7df5105d91e8431e1ebe6d
SSDEEP: 24576:e09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+J6MwS0kpY:e09XJt4HIN2H2tFvduyS2MH0v
Static task: static1
Behavioral task: behavioral1
Sample: ec52d5f32e1a1f76878ca024401345a51e0838ac9a57c3c26d7d66dc6f844f6b.exe
Resource: win7-20240611-en
Malware Config
Targets
-
-
Target
ec52d5f32e1a1f76878ca024401345a51e0838ac9a57c3c26d7d66dc6f844f6b
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-