General
-
Target
e41e0aa4877b787b2021bd0148f547c192849632351292b86cb6a7b2d06cec5f
-
Size
1.7MB
-
Sample
241008-l8ajgs1akl
-
MD5
613cab77c52846189b012d5aaccd2195
-
SHA1
446a34a6e6b409e540e942bfe098e01fad69dd44
-
SHA256
e41e0aa4877b787b2021bd0148f547c192849632351292b86cb6a7b2d06cec5f
-
SHA512
9c46fd733bc0faabe1d0ef7d8a162eef970b3bc05b57a80c496dc28712d0b26444c5facf8c1f343dc42d0e5751e5a9815609186d3972807c699ebb7814a8ec84
-
SSDEEP
24576:fQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVRvyn2pWvsL0vO2:fQZAdVyVT9n/Gg0P+Whouvyn2Aa0vO2
Static task
static1
Behavioral task
behavioral1
Sample
e41e0aa4877b787b2021bd0148f547c192849632351292b86cb6a7b2d06cec5f.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Server Software Component (1)
Terminal Services DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)