General
-
Target
1e73ab6337d7bc6dc4fcbb583c4730bb367a588c6585ab8578f5cca47a9efe47
-
Size
28KB
-
Sample
221105-yx26ksbggj
-
MD5
66ec4cc9f416f28027e33b6859cef6dd
-
SHA1
3963deb836da64cf5284b54ab7fb320c61cefc57
-
SHA256
1e73ab6337d7bc6dc4fcbb583c4730bb367a588c6585ab8578f5cca47a9efe47
-
SHA512
304fe2e7397508ae057f29685adc79e47181cae4f7cf7ce470343e3dd2f2e9b7692e5f450eb51ae6b3530db82b7d292e417c4161c5614e8724383b62b844d16a
-
SSDEEP
768:dPIjlBNB+BFBoBsB4BTBHBAC86oLjEMcaNoNl9/NOIc:5SW/CF/i
Malware Config
Targets
-
-
Target
1e73ab6337d7bc6dc4fcbb583c4730bb367a588c6585ab8578f5cca47a9efe47
-
Size
28KB
-
MD5
66ec4cc9f416f28027e33b6859cef6dd
-
SHA1
3963deb836da64cf5284b54ab7fb320c61cefc57
-
SHA256
1e73ab6337d7bc6dc4fcbb583c4730bb367a588c6585ab8578f5cca47a9efe47
-
SHA512
304fe2e7397508ae057f29685adc79e47181cae4f7cf7ce470343e3dd2f2e9b7692e5f450eb51ae6b3530db82b7d292e417c4161c5614e8724383b62b844d16a
-
SSDEEP
768:dPIjlBNB+BFBoBsB4BTBHBAC86oLjEMcaNoNl9/NOIc:5SW/CF/i
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
UAC bypass
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-