General
-
Target
48bfde766f1cc95368dc541eb2a677f2cc21726e7e810316ef580ddfba0c477a
-
Size
256KB
-
Sample
221011-r5h94sach2
-
MD5
7c8ce74dfbba216b4ac618ab9fa9c690
-
SHA1
f91637e7ac16d1a7f74d4d6e1ae1cf30df059762
-
SHA256
48bfde766f1cc95368dc541eb2a677f2cc21726e7e810316ef580ddfba0c477a
-
SHA512
ed4defa728180de300d8ae3d144442e19bf19c852cd18ba0a390abab2999b2d80a26b3c85844f762e4fca1527e0b8f0ba4837020c2c1ec421e70afd6fd7a5502
-
SSDEEP
6144:L2gesJ12TMUQ8pfFquGUA8uIe7nl4Y7DOg9omdKRm1:hKTMUNfFquDA8LI4Eig9h1
Malware Config
Targets
-
-
Target
48bfde766f1cc95368dc541eb2a677f2cc21726e7e810316ef580ddfba0c477a
-
Size
256KB
-
MD5
7c8ce74dfbba216b4ac618ab9fa9c690
-
SHA1
f91637e7ac16d1a7f74d4d6e1ae1cf30df059762
-
SHA256
48bfde766f1cc95368dc541eb2a677f2cc21726e7e810316ef580ddfba0c477a
-
SHA512
ed4defa728180de300d8ae3d144442e19bf19c852cd18ba0a390abab2999b2d80a26b3c85844f762e4fca1527e0b8f0ba4837020c2c1ec421e70afd6fd7a5502
-
SSDEEP
6144:L2gesJ12TMUQ8pfFquGUA8uIe7nl4Y7DOg9omdKRm1:hKTMUNfFquDA8LI4Eig9h1
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-