General
-
Target
764190ed305b58d272541fcf85109aea975350c514d795b14b9daddb2e193c3d
-
Size
260KB
-
Sample
221124-fr76jaba76
-
MD5
23385d7ee6c3d7e420d26e1d7a9c2a84
-
SHA1
d2addb1e1e668f352264189c41ab75bcc6131ca7
-
SHA256
764190ed305b58d272541fcf85109aea975350c514d795b14b9daddb2e193c3d
-
SHA512
246d5e958cac36595332f6f5f7597006325752791c3e35133bc8be5556854f846f2912261170805dcead2b5d678985778436d43bdc1c08fcede62db7a02589d0
-
SSDEEP
6144:g2Rnh5EsIm2E47RNYQRRyXsPY09inGogj1Yt:geh5EsIY4dNPEcg090Ni2t
Malware Config
Targets
-
-
Target
764190ed305b58d272541fcf85109aea975350c514d795b14b9daddb2e193c3d
-
Size
260KB
-
MD5
23385d7ee6c3d7e420d26e1d7a9c2a84
-
SHA1
d2addb1e1e668f352264189c41ab75bcc6131ca7
-
SHA256
764190ed305b58d272541fcf85109aea975350c514d795b14b9daddb2e193c3d
-
SHA512
246d5e958cac36595332f6f5f7597006325752791c3e35133bc8be5556854f846f2912261170805dcead2b5d678985778436d43bdc1c08fcede62db7a02589d0
-
SSDEEP
6144:g2Rnh5EsIm2E47RNYQRRyXsPY09inGogj1Yt:geh5EsIY4dNPEcg090Ni2t
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-