General
-
Target
3f8c1e5dc8ea2e6aff80b31aeb4e626597e144ec58f460e481bf1f50f7d1e60a
-
Size
180KB
-
Sample
220701-agllwsfch7
-
MD5
72dd8f8700c52b00c1b95fa29fbcd30e
-
SHA1
05b1e71bba9e8ed49968569ad3124abd937d30ab
-
SHA256
3f8c1e5dc8ea2e6aff80b31aeb4e626597e144ec58f460e481bf1f50f7d1e60a
-
SHA512
eee3e7377f4555cb2c587045f7fcd15d8ec76b978de8f34ef360d415dccd9641069feb313a8f6ffe13e3f5b3c39a128f7902e58da7ef26a3bd44db112b4fd58a
Malware Config
Targets
-
-
Target
3f8c1e5dc8ea2e6aff80b31aeb4e626597e144ec58f460e481bf1f50f7d1e60a
-
Size
180KB
-
MD5
72dd8f8700c52b00c1b95fa29fbcd30e
-
SHA1
05b1e71bba9e8ed49968569ad3124abd937d30ab
-
SHA256
3f8c1e5dc8ea2e6aff80b31aeb4e626597e144ec58f460e481bf1f50f7d1e60a
-
SHA512
eee3e7377f4555cb2c587045f7fcd15d8ec76b978de8f34ef360d415dccd9641069feb313a8f6ffe13e3f5b3c39a128f7902e58da7ef26a3bd44db112b4fd58a
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-