General
-
Target
805ebae28e953fe6a25c195d83814ba25c3f53d473aca28d1c70c6561e802c2b
-
Size
46KB
-
Sample
221107-daplragafk
-
MD5
05b6ec168104c74561fff0dcb4a2b730
-
SHA1
343c13c636b2e0766cab1f706c4146e5cfd014ea
-
SHA256
805ebae28e953fe6a25c195d83814ba25c3f53d473aca28d1c70c6561e802c2b
-
SHA512
fa59593da5c5da4ceb858fc8bba45ddd49497101634a90d93d39772f0f7fca19e0047ba3508915aca0ab07d1b5dac97b8c8093ff5f1388504f4151f1c772d54f
-
SSDEEP
768:zkIAaaE/KYUgj05S/I0sRUWHD401CrFaKYnkG49sBlDe94Ol2uy:zZ4Eyn565Wz1kGbqZl2
Malware Config
Targets
-
-
Target
805ebae28e953fe6a25c195d83814ba25c3f53d473aca28d1c70c6561e802c2b
-
Size
46KB
-
MD5
05b6ec168104c74561fff0dcb4a2b730
-
SHA1
343c13c636b2e0766cab1f706c4146e5cfd014ea
-
SHA256
805ebae28e953fe6a25c195d83814ba25c3f53d473aca28d1c70c6561e802c2b
-
SHA512
fa59593da5c5da4ceb858fc8bba45ddd49497101634a90d93d39772f0f7fca19e0047ba3508915aca0ab07d1b5dac97b8c8093ff5f1388504f4151f1c772d54f
-
SSDEEP
768:zkIAaaE/KYUgj05S/I0sRUWHD401CrFaKYnkG49sBlDe94Ol2uy:zZ4Eyn565Wz1kGbqZl2
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-