General
-
Target
fb53dc4298dea72c241130592bd495d2e366a8a8d7bb2c678f16b22d16b54993
-
Size
192KB
-
Sample
221003-ap826aghb9
-
MD5
6e7c22ad556f0e7c7fc423ed3b222ce8
-
SHA1
5a53aa8c4ba39a72700d0b1841c74564d3066e2e
-
SHA256
fb53dc4298dea72c241130592bd495d2e366a8a8d7bb2c678f16b22d16b54993
-
SHA512
5b0797c2a91828ed5d886c701d3795b8567cbdca6ad6435862ff30ff9682d6bdb6344e42616b319a83f964dc4c5208e80b84cd7aae5f9acd9a59a84cf46f591c
-
SSDEEP
3072:8SB23ZRnWUWwQ9LmtWegYpKd8W2/7ik2YvsolNI9cq97Lq74:8FPnWUWukYaNkrNxO7Lq
Malware Config
Targets
-
-
Target
fb53dc4298dea72c241130592bd495d2e366a8a8d7bb2c678f16b22d16b54993
-
Size
192KB
-
MD5
6e7c22ad556f0e7c7fc423ed3b222ce8
-
SHA1
5a53aa8c4ba39a72700d0b1841c74564d3066e2e
-
SHA256
fb53dc4298dea72c241130592bd495d2e366a8a8d7bb2c678f16b22d16b54993
-
SHA512
5b0797c2a91828ed5d886c701d3795b8567cbdca6ad6435862ff30ff9682d6bdb6344e42616b319a83f964dc4c5208e80b84cd7aae5f9acd9a59a84cf46f591c
-
SSDEEP
3072:8SB23ZRnWUWwQ9LmtWegYpKd8W2/7ik2YvsolNI9cq97Lq74:8FPnWUWukYaNkrNxO7Lq
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-