General
-
Target
bccbe0e2548da3747dba45f66e127f71f29acd6b5a7aceeddfaad0f8d5ed37d5
-
Size
375KB
-
Sample
221011-wzbejahdbk
-
MD5
63165b30ddcb8563f60c447383be9e7e
-
SHA1
071cefb7740b09c22c1b560b1a4674cb7194eb4b
-
SHA256
bccbe0e2548da3747dba45f66e127f71f29acd6b5a7aceeddfaad0f8d5ed37d5
-
SHA512
811733f702856c3cf104d85f29e4008146a9f2913e6c30ed77002f78d2335f2b876f2241818960b453e0f3a9e88504d65b2a1c951795e1800dfa9060476a39ff
-
SSDEEP
6144:dv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:d4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Malware Config
Targets
-
-
Target
bccbe0e2548da3747dba45f66e127f71f29acd6b5a7aceeddfaad0f8d5ed37d5
-
Size
375KB
-
MD5
63165b30ddcb8563f60c447383be9e7e
-
SHA1
071cefb7740b09c22c1b560b1a4674cb7194eb4b
-
SHA256
bccbe0e2548da3747dba45f66e127f71f29acd6b5a7aceeddfaad0f8d5ed37d5
-
SHA512
811733f702856c3cf104d85f29e4008146a9f2913e6c30ed77002f78d2335f2b876f2241818960b453e0f3a9e88504d65b2a1c951795e1800dfa9060476a39ff
-
SSDEEP
6144:dv5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:d4VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-