General

  • Target

    d13cd3de3128d0a1baefe6f701cf49f9cc144c7da249db64d6a5cbb9af9bea90

  • Size

    375KB

  • Sample

    221004-2nkrqacge8

  • MD5

    ca2db4af99b8c1fc9d2b8c7642daa1b1

  • SHA1

    a262bf0ab9cf37c931ebd7ed4b3e4faf0d349108

  • SHA256

    d13cd3de3128d0a1baefe6f701cf49f9cc144c7da249db64d6a5cbb9af9bea90

  • SHA512

    da8be6da3034524f556a9a93de23b47520dcc966648a2158639fc4e92d9fee9c5eebf94f58dd7615c53ad2821ba2acd95f88a663b06418b818b282e90e5b6ebc

  • SSDEEP

    6144:Xv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:X4VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score
10/10

Malware Config

Targets

    • Target

      d13cd3de3128d0a1baefe6f701cf49f9cc144c7da249db64d6a5cbb9af9bea90

    • Size

      375KB

    • MD5

      ca2db4af99b8c1fc9d2b8c7642daa1b1

    • SHA1

      a262bf0ab9cf37c931ebd7ed4b3e4faf0d349108

    • SHA256

      d13cd3de3128d0a1baefe6f701cf49f9cc144c7da249db64d6a5cbb9af9bea90

    • SHA512

      da8be6da3034524f556a9a93de23b47520dcc966648a2158639fc4e92d9fee9c5eebf94f58dd7615c53ad2821ba2acd95f88a663b06418b818b282e90e5b6ebc

    • SSDEEP

      6144:Xv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:X4VOiF1WD7kE1dTYOi8V5u23zmWFy4

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks