General
-
Target
244A9C5318E98599C60F3DACBFF48F4F0A898CCDA29AD.exe
-
Size
184KB
-
Sample
220427-bncs1afad6
-
MD5
0a56a968a7f1c3d265acf38740a93d38
-
SHA1
bf17dcba21603a6681f0f9bbec81d356e33d9029
-
SHA256
244a9c5318e98599c60f3dacbff48f4f0a898ccda29ad8a6a8625e3cfe0dbc22
-
SHA512
81d90036885ec7389f146bef660a8553a76179972ddffa5e001f74104165166cf0aad2355db6c80575b26c7b5012aea973470f02913ba128c28e71449f03919f
Malware Config
Targets
-
-
Target
244A9C5318E98599C60F3DACBFF48F4F0A898CCDA29AD.exe
-
Size
184KB
-
MD5
0a56a968a7f1c3d265acf38740a93d38
-
SHA1
bf17dcba21603a6681f0f9bbec81d356e33d9029
-
SHA256
244a9c5318e98599c60f3dacbff48f4f0a898ccda29ad8a6a8625e3cfe0dbc22
-
SHA512
81d90036885ec7389f146bef660a8553a76179972ddffa5e001f74104165166cf0aad2355db6c80575b26c7b5012aea973470f02913ba128c28e71449f03919f
Score10/10-
suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic
suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic
-
suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102
suricata: ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102
-
Sets DLL path for service in the registry
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-