Overview

overview

10

Static

static

10

Ghost+Stealer.zip

windows7-x64

1

Ghost+Stealer.zip

windows10-2004-x64

1

Ghost Stea...xe.xml

windows7-x64

3

Ghost Stea...xe.xml

windows10-2004-x64

1

Ghost Stea...er.pdb

windows7-x64

3

Ghost Stea...er.pdb

windows10-2004-x64

3

Ghost Stea...st.exe

windows7-x64

1

Ghost Stea...st.exe

windows10-2004-x64

6

Ghost Stea...st.exe

windows7-x64

10

Ghost Stea...st.exe

windows10-2004-x64

10

Ghost Stea...ib.dll

windows7-x64

1

Ghost Stea...ib.dll

windows10-2004-x64

1

Ghost Stea...ub.exe

windows7-x64

3

Ghost Stea...ub.exe

windows10-2004-x64

10

Ghost Stea...config

windows7-x64

3

Ghost Stea...config

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03-09-2024 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ghost Stealer/Stub/stub.exe

  • Size

    1.2MB

  • MD5

    a807001286f0d4f3336e9a45e6184558

  • SHA1

    4253769235f75848632e559a2e15d0ef9708a479

  • SHA256

    e1f56d8ad0dfea880281406424191daebbc1f77eb30ca25d997f26fd6cc71070

  • SHA512

    693221c1809c9d338e0ac270a0cf6aa6f277026b58056360180415b96a1a5f47104376e4fe37e0f6a2e929c5a9e7547afe0fa0d5b6ee8d12a76012affb718d42

  • SSDEEP

    12288:ZiOokH48FBakxSixBfraTyInY2tpJg7yICBRIkx:ZiOAukKSine/pzmwBp

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ghost Stealer\Stub\stub.exe
    "C:\Users\Admin\AppData\Local\Temp\Ghost Stealer\Stub\stub.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=stub.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b48043ca37085789a82c62129050a874

    SHA1

    fbdcf782d0cee8222b77524a69fb7b6accd120c9

    SHA256

    6ba57801cb868b538444761b91f3091c10df3853b7213983db2e34c15e95f1d9

    SHA512

    02d2a86e02dd635d36aca665e75bf03f2f06a7ffc8c7d6738d1b87f8f59eea9bbb0f0f62af7350d456833a6f90b2ca05b758b60fd48509497e94691eab8238f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30dd07650b7542b2fb3fff0d2f7e2379

    SHA1

    a1601ed1a1cef548b425275e7bfca25a79cba073

    SHA256

    d5e8fdc70c1ef99dc2563ac3d2968928d8dc7a3f64e54fb24ab966518b513a7f

    SHA512

    698ea5dcd18f3c57e3b34cce44ec435556189af441eeb9a5d8e66824ae5c011d0ad948ada4318e3aa810209dcc08d8347a05072805637cefe7aa1253f41b7f31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba636c4432458e746fb79e1f934e859f

    SHA1

    73d479c65a85632e9ab1658ea59b941fd959ba55

    SHA256

    013e10c328c0da17075b04aa2163ed1f4b6487d5fb8d779810cc67be3fa1402d

    SHA512

    9a66987d3e10fc9d079c83038f618700e893c253dbd5dbce4da30bf93cd3c1c916bed1fc883ec5fa00f80fb6dfa7fbb09c7917951d362ace94b2f4c8027ae144

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29b47e11d3ec7f9b9cea10b3f91a0c7d

    SHA1

    5cae9218bec5ee7aec0b452ad435b18c688436c1

    SHA256

    3e595c3b565f2e504cfdbf4db21328d3621088efe718b670ab7524aba1d2c258

    SHA512

    a5af5a062be1d32ce16e02c4c7d742f21a48d183f7ea9bb0c9c100c2a350917324ebe7d67b264b9d57d39cf615fa560753ac20ec1b8cb9c8c0ede4d8c8e7a11c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ff76900d5cc5c25ae0180b75ab8fca4

    SHA1

    3b8973656eb48697f0c9265409b0017815adca08

    SHA256

    99e5da90d2712df623405e630394e82b80318bcdfdc9c4a74c368abb7564ca00

    SHA512

    bb9b884eeeac6426b3069e0779552092693a4c48a6543f3544b01d3717e3ce8294d46040342308acc6c7be8a6215e8ba1fbf2f4461a53e3d6027e75dedd3a5ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d84a0f174582cb856e845f8fef82f43b

    SHA1

    d8b2b340f365b4cde1ee07138eeb69965373f113

    SHA256

    edd915bd66ad52c026f179c9f558f3de8b68c3292bb30922e8f46428f7941bf9

    SHA512

    d63e57c798988f8855fc33082228b47d23ab053c53c70fb93bb869109d0ec5a7a69288ff12e6f16796f226b8db2b3b6362a4440753ef1feacea30729b875f6d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5bc1c6b8a54b69ccdcf1365f764d414

    SHA1

    ac364c9fcc750e122a82da858887b6f1c82b0db6

    SHA256

    98736395bc887bfae840d24722736bf8da55ca8c43b289283339e811cc06a0aa

    SHA512

    c06f22dc0d6c5ddd43e8eeafddbf01669e38a7b059fd6a39a14538a236ee04bf00eccb6d105ef7c2736f5f2b59d9e3018f2d2826855862bb9e6a96dab6407a2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25c9c95a1b882a267ae478b0ce612baa

    SHA1

    0f3cb2a6e6a47df70ba4be3f2d2f7abdbdc22326

    SHA256

    3100fb57641a96e6612d2eeb947f35aa5935caf7e981aa3fe8e1dcd9946b25b2

    SHA512

    bbae623e981882b4f472d16319b344b4f88dfdf3f3ce06eb678f17dfb86a4dd3cb5cd7f6df226507cd8a2d009f9601a0599c635aab24c8523a02b6826d7a66c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41576dcfecb28d2d81c8a73d089c2e36

    SHA1

    73478b56defd310a63e99448970bee3659643827

    SHA256

    ae9af267895df11a16dacbb3af73b106776e9fa463972ac9081b6bea9e8c08a2

    SHA512

    79b1598b6e53e5d569e3e0c78bf90382efa2b48c1f40722881cb46c82da3f751409c4b7a31fccf3cbda3fdf220205801e5bf17b3147b660e08e81371bc879fb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45c1bfa15ace8e1e76bc45498002d0f1

    SHA1

    640d7c8f9001fc144c3b321c00dce1aab4adcc05

    SHA256

    7fd88bc080dbf50445bb8398cbdac2d48caadc137da0748a81c862c3021a8094

    SHA512

    dca38051d69c4732760a97f71d4ba846b44f632389d2cc9690f0b6a7025270487cb63a4c62ab8375c0dfc71db611a4da884d8c75b8b0f77200829df01d918af5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4679cc965d38d34eda79ed0fb375713

    SHA1

    fe3e4ea02207eaf0ca39c9876be30fd912bea093

    SHA256

    a521de21c9d802a4e375e286a60db9ad6333bd2e43da1e8ec0af8d974a756343

    SHA512

    2803f0e715de825f801cf283e4e0d55d5244ea5e7c431e44c7bd1d17fdb881f07e77ea3599bc278c9962c78620a553a3a5e9c94cc0e460647899ff25fcad94c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dbcdff301c6100071fc0adcfcbfa833

    SHA1

    10de8d5016b9f446f3259786c1cb0a71cfa1dc27

    SHA256

    cc13ffbaae34206c43e767f2ec477840dd8068e98d536e06df9949273a1f565e

    SHA512

    e42beedee395ae081e8d0f6e7215e7f3e049695e066cdef0d6d640c645b8a4bf09d0748a51d5b04bf0728a5b9460b37edb4eed4835f391e4da66e8bec51aba61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18c9ba751fef8f879f8a6536af8e38d6

    SHA1

    4ed2aef33590e57ebcc1123bb89ed86bb4fdd409

    SHA256

    e61666b5bca5944320622431ec4f6205ff7715a07d92afe9edd72bc646bef497

    SHA512

    9cfd204530980723f6a9e18eb6a62821c5e214b87cb8e64730e13cfcff3bf01a99de37a338d645dc9140d5e63e53e486345ca91f2042cf7d4d75a59ed4d520b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92697bf42d7f99d0525f6513bafc884f

    SHA1

    55ef63dbf8c4117f563a90bd23833219ed73bb63

    SHA256

    f3ffc3792004bd7de92fd9fa519472fb31b0b066dccf7eaf0af670215ba79719

    SHA512

    479602f5d3057808ec59bcced26835bfca41c30e8940fc2ecd5598317dc913cc83f52812c3428934865581ab98b498d54fdd734826f9d1c494217931db39f4fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83df3db624f35dbb74b11b35730a4160

    SHA1

    c10049f7cc266f7a29b50272d30af07b67af5f1e

    SHA256

    55f012a3b5f64c5a95a1ae3c71cfb19feb7f043e6c1a80e40ad4a67596a3ab13

    SHA512

    35f3369f9c405ed6c776950ccce9de9082a9a055d53b6825272ef0a23b1dc06c1c43e5e5f6c8ffca2e38db54636aa679a6a58d677c3288bd4b192a8b50a1baf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    785414304fb2adf806e1f127ebebe55e

    SHA1

    d35d31ac304aec1861afa1de9e2f6911c1984c8e

    SHA256

    40b524109635968b19f38b74a4c30f9fd383da4d384ce8c3242ee5149ea0859c

    SHA512

    ebbe8b2cda5e261d1374188147330dd30f4335c856be92aeac973f8e007ba25dfc0915e1230a22bdb09b16f12f4726dd3b4a21d084a09cab952bbb9a8d66fb31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4367d86721d066a9dee820b171a845d3

    SHA1

    cea9fba8cb8cea99508c85e1f7e4fa0a0a82c34a

    SHA256

    bd255b023c9f55f06b7408627121d1cf51223f2b7b931dc709324ce1a645c290

    SHA512

    5e6903360862413313d82140265df083e0d73a8930278567b6b0aa248b8894e876057adc3cf286d2464d027dd9b5e2cf70613793412428c096235a423d50a219

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5d3dda64bbc66e91e7cfb94bf2aea7d

    SHA1

    0e5186f8bea021959ea20d8ee256fe6c5040892e

    SHA256

    56e57907ea8cfb72cef553778a811375fa1a1631b6bda411c31bbc92632ea00a

    SHA512

    6061bcbb1309fc5dea10757f169c052510d56b4710c9c07d560fb80d3501ba851df6b8c35dedf81c8a0915bab092fcdb0b2ce7001ccaa291efcf38a3ebed11b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85073b90b3ed2f4b0f6d3f71c3e60963

    SHA1

    f60b0a1ecd682956005751345a0b5bce78387778

    SHA256

    87aea16402315a3283c256b358204ff6b5c4669318eff0c34ca06e361537381b

    SHA512

    2b11b9a575d1e707389a1185c6b43e08b424761b094afdf599701812b7d120d64bb5940ed459ec276a06fb3c7e33e74c36437619fcb3519c22d654d6c1dd9b84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE246.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE287.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit