General
-
Target
ee521786c8522b0957365a8bc49676c8460f3669cd2af125456068b952108609
-
Size
137KB
-
Sample
221123-lxj9jsce57
-
MD5
807ce67e6bbea706b06c34bb3278d0ff
-
SHA1
23f56b37931c6fec0829e780757a699541947b42
-
SHA256
ee521786c8522b0957365a8bc49676c8460f3669cd2af125456068b952108609
-
SHA512
70816483bb7ad3cb400c88ba9f57e9fd14e1ec15d328bd28d913cdc427018963cafaa2a7bac3d873985573f94a32d6ab4131c1f69e558ea8db2a43f4fb667a3d
-
SSDEEP
1536:cbrVhDp2tl/h74LQJHqFgzbfb2EZx9DjBCAs+BrqkPdv50JptEtcFRmcfCW1:cJ2tP74LHmNZx9jBZn1v+JT7mcfC
Malware Config
Targets
-
-
Target
ee521786c8522b0957365a8bc49676c8460f3669cd2af125456068b952108609
-
Size
137KB
-
MD5
807ce67e6bbea706b06c34bb3278d0ff
-
SHA1
23f56b37931c6fec0829e780757a699541947b42
-
SHA256
ee521786c8522b0957365a8bc49676c8460f3669cd2af125456068b952108609
-
SHA512
70816483bb7ad3cb400c88ba9f57e9fd14e1ec15d328bd28d913cdc427018963cafaa2a7bac3d873985573f94a32d6ab4131c1f69e558ea8db2a43f4fb667a3d
-
SSDEEP
1536:cbrVhDp2tl/h74LQJHqFgzbfb2EZx9DjBCAs+BrqkPdv50JptEtcFRmcfCW1:cJ2tP74LHmNZx9jBZn1v+JT7mcfC
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-