General
-
Target
20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
-
Size
260KB
-
Sample
220612-q3nalsdhcn
-
MD5
27fe3482f2f12435310a3c84544f4f0b
-
SHA1
dcef2cd3c551bf22b748556d7cdcd439a6cc5274
-
SHA256
20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
-
SHA512
2324d9e10f410c3573d99dcdf3daf0960965e0e09a5134d21ad25e9cf6d0f91919e38cf37513b27baa25c3ade79825096dd88c50dfa5ddb82ff8ed36c32b2c48
Malware Config
Targets
-
-
Target
20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
-
Size
260KB
-
MD5
27fe3482f2f12435310a3c84544f4f0b
-
SHA1
dcef2cd3c551bf22b748556d7cdcd439a6cc5274
-
SHA256
20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
-
SHA512
2324d9e10f410c3573d99dcdf3daf0960965e0e09a5134d21ad25e9cf6d0f91919e38cf37513b27baa25c3ade79825096dd88c50dfa5ddb82ff8ed36c32b2c48
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Modifies firewall policy service
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
-
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-