General
-
Target
3b834d445259683c657ce624db2628cc4312e01d31f405782727ea9c55af5c2b
-
Size
132KB
-
Sample
220524-v96srafgbn
-
MD5
cddc604ad9869fc81adc75ef34fb3c0d
-
SHA1
df4234f7957547ccb669d06c8319da2f782a69a9
-
SHA256
3b834d445259683c657ce624db2628cc4312e01d31f405782727ea9c55af5c2b
-
SHA512
a9a92ae57a696ade41f841bb28e319a87f6f3cd59d55ee6c169b7945a7c54529d4e748876b65b4613f69f3ec26b5c8ef0b3b4bfb57626d28e689b3250cf58fe2
Malware Config
Targets
-
-
Target
3b834d445259683c657ce624db2628cc4312e01d31f405782727ea9c55af5c2b
-
Size
132KB
-
MD5
cddc604ad9869fc81adc75ef34fb3c0d
-
SHA1
df4234f7957547ccb669d06c8319da2f782a69a9
-
SHA256
3b834d445259683c657ce624db2628cc4312e01d31f405782727ea9c55af5c2b
-
SHA512
a9a92ae57a696ade41f841bb28e319a87f6f3cd59d55ee6c169b7945a7c54529d4e748876b65b4613f69f3ec26b5c8ef0b3b4bfb57626d28e689b3250cf58fe2
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-