General
-
Target
153948dc95a042a29c2f5314aac8460107f6c57e74f4c4344fc2cf9cc9da07b3
-
Size
375KB
-
Sample
220806-g8s9dabegj
-
MD5
6775433aada04da42f2dcacb863bff9a
-
SHA1
289bf6f2c50685d6153bbc762aad32571600d86a
-
SHA256
153948dc95a042a29c2f5314aac8460107f6c57e74f4c4344fc2cf9cc9da07b3
-
SHA512
465fa8c27df4dea1ed972adc89fe4c0b4d17d4969023ee88b0d4a12df15e0c9240c45f9afa9a8b714ac44432f623572a7329cace68a8688a09bb6ccd857d6741
Malware Config
Targets
-
-
Target
153948dc95a042a29c2f5314aac8460107f6c57e74f4c4344fc2cf9cc9da07b3
-
Size
375KB
-
MD5
6775433aada04da42f2dcacb863bff9a
-
SHA1
289bf6f2c50685d6153bbc762aad32571600d86a
-
SHA256
153948dc95a042a29c2f5314aac8460107f6c57e74f4c4344fc2cf9cc9da07b3
-
SHA512
465fa8c27df4dea1ed972adc89fe4c0b4d17d4969023ee88b0d4a12df15e0c9240c45f9afa9a8b714ac44432f623572a7329cace68a8688a09bb6ccd857d6741
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-