General
-
Target
87c5e005949141741b69492c8dbcf9705933eeb0378e08d498c663dc201f5bf3
-
Size
241KB
-
Sample
221124-lzzf9afc24
-
MD5
e68bf4c9bbd68f1ffd209d76fde7b41a
-
SHA1
2083df9c50f220708398df52c4cee260f51e92bc
-
SHA256
87c5e005949141741b69492c8dbcf9705933eeb0378e08d498c663dc201f5bf3
-
SHA512
cdd048e98ffca291df047f282b04764a592798764d79d023e9f9a62f9a1c5ad4ef202a0c0afeae6ccdbe66f82697f6e0f9fed18d83e12eccb52f1fe3c9a8341e
-
SSDEEP
6144:2pW1rdLmcnZrN26YU8jdRO286Dal+g7gr5d9HlTFph:2pAmerNxYhriiM+gidpnz
Malware Config
Targets
-
-
Target
87c5e005949141741b69492c8dbcf9705933eeb0378e08d498c663dc201f5bf3
-
Size
241KB
-
MD5
e68bf4c9bbd68f1ffd209d76fde7b41a
-
SHA1
2083df9c50f220708398df52c4cee260f51e92bc
-
SHA256
87c5e005949141741b69492c8dbcf9705933eeb0378e08d498c663dc201f5bf3
-
SHA512
cdd048e98ffca291df047f282b04764a592798764d79d023e9f9a62f9a1c5ad4ef202a0c0afeae6ccdbe66f82697f6e0f9fed18d83e12eccb52f1fe3c9a8341e
-
SSDEEP
6144:2pW1rdLmcnZrN26YU8jdRO286Dal+g7gr5d9HlTFph:2pAmerNxYhriiM+gidpnz
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-