General
-
Target
c9aa1f210b950b6f80307e2ae721aad064f268867918e5349ef8eb445291bcf5
-
Size
47KB
-
Sample
221123-qcx25agf7z
-
MD5
3da64e8399ac8cecda1a640205b46d64
-
SHA1
377f125b7611e1faded71161917d6bf4e3d74159
-
SHA256
c9aa1f210b950b6f80307e2ae721aad064f268867918e5349ef8eb445291bcf5
-
SHA512
a75aa3dac5b805689a402749bc6542145adc339c701cd7570745ba398fd5ce06ed7bd750b95aa763f1e2bfff404872695fbb19e8dac95a37cf3a21385018267e
-
SSDEEP
768:ADrYMB++TPVxPqwUrNLi0Tixor7TFKWRrJY+tvXeS2OowIuGGxKX0h42nhcW:ADLB+mVxMrY0Tix24WZJYavXeSewrQCd
Malware Config
Targets
-
-
Target
c9aa1f210b950b6f80307e2ae721aad064f268867918e5349ef8eb445291bcf5
-
Size
47KB
-
MD5
3da64e8399ac8cecda1a640205b46d64
-
SHA1
377f125b7611e1faded71161917d6bf4e3d74159
-
SHA256
c9aa1f210b950b6f80307e2ae721aad064f268867918e5349ef8eb445291bcf5
-
SHA512
a75aa3dac5b805689a402749bc6542145adc339c701cd7570745ba398fd5ce06ed7bd750b95aa763f1e2bfff404872695fbb19e8dac95a37cf3a21385018267e
-
SSDEEP
768:ADrYMB++TPVxPqwUrNLi0Tixor7TFKWRrJY+tvXeS2OowIuGGxKX0h42nhcW:ADLB+mVxMrY0Tix24WZJYavXeSewrQCd
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-