General
-
Target
d9d4bc03509a709d961d48f7c951112d684e4684061218a3fcdf23c8b783b18d
-
Size
375KB
-
Sample
220914-j2pcyshfc6
-
MD5
9e231d8777538c65823ed46783a8d8a2
-
SHA1
d0cd08b94366fddfb85bd232643a634eedd43729
-
SHA256
d9d4bc03509a709d961d48f7c951112d684e4684061218a3fcdf23c8b783b18d
-
SHA512
39997ed2062bfe285c84923ba2cbddc3a880fced34b131ae063f6554727a67cbf503aeee4b62e5aa0574cd45c3e395e8a8d30c776e5a99a04c865a7b0043f871
-
SSDEEP
6144:vv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:v4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
d9d4bc03509a709d961d48f7c951112d684e4684061218a3fcdf23c8b783b18d
-
Size
375KB
-
MD5
9e231d8777538c65823ed46783a8d8a2
-
SHA1
d0cd08b94366fddfb85bd232643a634eedd43729
-
SHA256
d9d4bc03509a709d961d48f7c951112d684e4684061218a3fcdf23c8b783b18d
-
SHA512
39997ed2062bfe285c84923ba2cbddc3a880fced34b131ae063f6554727a67cbf503aeee4b62e5aa0574cd45c3e395e8a8d30c776e5a99a04c865a7b0043f871
-
SSDEEP
6144:vv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:v4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-