General
-
Target
62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1
-
Size
248KB
-
Sample
241031-kcbk8svcra
-
MD5
dc38da17b0f0cc99f4831aba153bb28b
-
SHA1
b756ef1b0369e0822ed248363ae6c577d53a7834
-
SHA256
62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1
-
SHA512
2c5349b9555c7ddaa300652173eef422fdcfbe464b8f8fca9e2ac53088d860eb996c763506d8ca1fef9ae9a0fb4d9574c6faf164050deb8f27646607f1699f8c
-
SSDEEP
3072:whLXC/6ZxsIDrok7gJWyzebqkqNKktNXBPmaoTZ2xZS21+GCI2ekEbkAsH3mYBoj:whL46Z6IDvgJM5QmahxZS2EGCtr3X7F
Static task
static1
Behavioral task
behavioral1
Sample
62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-