General
Target: 45b6cbc521e143b19db6b540e7c09f6cd51478dd99710436d49fa537d9e2924b
Size: 2.4MB
Sample: 241003-wqvrtasfph
MD5: 8faf4f34201506d27c9ad1aadc8be848
SHA1: 6f66e53197491ca86732321bbde7f55e5dba25bc
SHA256: 45b6cbc521e143b19db6b540e7c09f6cd51478dd99710436d49fa537d9e2924b
SHA512: 5c330b2b05b68ce842bd69ddf57c100b2715b6a7fac0c374c37d28bcff73acec49cadb00c9b8c9c55c9a1331183978efdcd55f19b68b9860898060bb96ccf0c6
SSDEEP: 24576:KCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHe:KCwsbCANnKXferL7Vwe/Gg0P+WhNhHh
Static task: static1
Behavioral task: behavioral1
Sample: 45b6cbc521e143b19db6b540e7c09f6cd51478dd99710436d49fa537d9e2924b.exe
Resource: win7-20240704-en
Malware Config
Targets
Target: 45b6cbc521e143b19db6b540e7c09f6cd51478dd99710436d49fa537d9e2924b
- Gh0st RAT payload
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Server Software Component: 1
Terminal Services DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1