General
-
Target
6485a668d583fa351f28779f20f210539154122c3fe5f8f5c732048275226116
-
Size
375KB
-
Sample
221011-qzj4sagbf4
-
MD5
d0eb4cfd79d55dd0c2fc4309107413a7
-
SHA1
ef9eee5f88650401deed641dc1bfb7b94a7a985b
-
SHA256
6485a668d583fa351f28779f20f210539154122c3fe5f8f5c732048275226116
-
SHA512
6373ab8c2f823e70a5311436483ba2a3a899f69483dcf9d0e2e6d0e8486568c72239a9469784f00a761443f7d166f798a7b90e4004a36fc95d925f9277d4e6b1
-
SSDEEP
6144:sv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:s4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
6485a668d583fa351f28779f20f210539154122c3fe5f8f5c732048275226116
-
Size
375KB
-
MD5
d0eb4cfd79d55dd0c2fc4309107413a7
-
SHA1
ef9eee5f88650401deed641dc1bfb7b94a7a985b
-
SHA256
6485a668d583fa351f28779f20f210539154122c3fe5f8f5c732048275226116
-
SHA512
6373ab8c2f823e70a5311436483ba2a3a899f69483dcf9d0e2e6d0e8486568c72239a9469784f00a761443f7d166f798a7b90e4004a36fc95d925f9277d4e6b1
-
SSDEEP
6144:sv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:s4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-