General
-
Target
3348f46af3929ede5226402d096a1198ca2ea0534f295679af8544c2f1bf4052
-
Size
272KB
-
Sample
221003-m6vmbadbfl
-
MD5
688a79d23d73c139cfac17b16a228ea0
-
SHA1
6afb5caa116323b789e84bda8627de4055c8e392
-
SHA256
3348f46af3929ede5226402d096a1198ca2ea0534f295679af8544c2f1bf4052
-
SHA512
a78f6e68a5fc805aa396c3d22b899aafc26f583bd2e14bb6720548eedfc228bf2e483acb9dc6559f8571af5966b846e0f302139b30b2f5906cb1e21e3f23f281
-
SSDEEP
6144:rW0BgeX4QSE7M+l6BFV2KMsHleE8wUVsB:ZBgeX4xEIS6nV9HCwas
Malware Config
Targets
-
-
Target
3348f46af3929ede5226402d096a1198ca2ea0534f295679af8544c2f1bf4052
-
Size
272KB
-
MD5
688a79d23d73c139cfac17b16a228ea0
-
SHA1
6afb5caa116323b789e84bda8627de4055c8e392
-
SHA256
3348f46af3929ede5226402d096a1198ca2ea0534f295679af8544c2f1bf4052
-
SHA512
a78f6e68a5fc805aa396c3d22b899aafc26f583bd2e14bb6720548eedfc228bf2e483acb9dc6559f8571af5966b846e0f302139b30b2f5906cb1e21e3f23f281
-
SSDEEP
6144:rW0BgeX4QSE7M+l6BFV2KMsHleE8wUVsB:ZBgeX4xEIS6nV9HCwas
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-