General
-
Target
f726f9bb251916596931d2ebd9a7661630c92f3e4b84beafaf3352974b1a1276
-
Size
375KB
-
Sample
220917-qgjejadgeq
-
MD5
6aadeab725968ba476017805655cf031
-
SHA1
e8d1777d3dbf393edb487670d17c9f43f456e800
-
SHA256
f726f9bb251916596931d2ebd9a7661630c92f3e4b84beafaf3352974b1a1276
-
SHA512
f7276b66ba9689332b328d21016829cda9f78363dade55f984bc5efe087cfe9b30a1a80701249d91d7fe3f88cf205ab055e341a7a449d8e24c0d104885b62588
-
SSDEEP
6144:Lv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:L4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
f726f9bb251916596931d2ebd9a7661630c92f3e4b84beafaf3352974b1a1276
-
Size
375KB
-
MD5
6aadeab725968ba476017805655cf031
-
SHA1
e8d1777d3dbf393edb487670d17c9f43f456e800
-
SHA256
f726f9bb251916596931d2ebd9a7661630c92f3e4b84beafaf3352974b1a1276
-
SHA512
f7276b66ba9689332b328d21016829cda9f78363dade55f984bc5efe087cfe9b30a1a80701249d91d7fe3f88cf205ab055e341a7a449d8e24c0d104885b62588
-
SSDEEP
6144:Lv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:L4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-