General
-
Target
8b60d02805f82cad03d2b17d39fbe83b4458f0316cdcf42a4255b56c666acc6b
-
Size
375KB
-
Sample
221010-maxf2abdh4
-
MD5
0c2b0353fcc468d7408c66651ba55558
-
SHA1
82a3b0530a923a03be544b2a045d978a3ef20bd1
-
SHA256
8b60d02805f82cad03d2b17d39fbe83b4458f0316cdcf42a4255b56c666acc6b
-
SHA512
f6c2ac57f15bdca0c7c9ae45f735c468bfae43372f4a20f4f7ef01a8ee65412f9384de0488b4304ac06185d0e224df051e77d8003d9e0552626d688fbdba75fe
-
SSDEEP
6144:Pv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:P4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
8b60d02805f82cad03d2b17d39fbe83b4458f0316cdcf42a4255b56c666acc6b
-
Size
375KB
-
MD5
0c2b0353fcc468d7408c66651ba55558
-
SHA1
82a3b0530a923a03be544b2a045d978a3ef20bd1
-
SHA256
8b60d02805f82cad03d2b17d39fbe83b4458f0316cdcf42a4255b56c666acc6b
-
SHA512
f6c2ac57f15bdca0c7c9ae45f735c468bfae43372f4a20f4f7ef01a8ee65412f9384de0488b4304ac06185d0e224df051e77d8003d9e0552626d688fbdba75fe
-
SSDEEP
6144:Pv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:P4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-