General
-
Target
d9e816874564dd4f0b9d75e2041763f99bbfe197ce626fd5cd7d9c2d86f167bc
-
Size
3.0MB
-
Sample
221126-p382msgh2y
-
MD5
5cafb737f1daf9217e0ca94abd543ff8
-
SHA1
25342d22ffb9659814f6d20548322c107ef0c972
-
SHA256
d9e816874564dd4f0b9d75e2041763f99bbfe197ce626fd5cd7d9c2d86f167bc
-
SHA512
1b3e014859fbb83d3de2b8abde5714ee5a51683a36e4e3c10c5813c9a88bed8a97e41f7088eba0267a5394138992527e4ea7a0b3f56dd823079ae45a9ee208d6
-
SSDEEP
49152:zce7Idjnv3xj0OELL2Ek0cEmef2LdCq/jPaUzbW:4GIdjv3xjz6L2V0cEm2qjPFW
Malware Config
Targets
-
-
Target
d9e816874564dd4f0b9d75e2041763f99bbfe197ce626fd5cd7d9c2d86f167bc
-
Size
3.0MB
-
MD5
5cafb737f1daf9217e0ca94abd543ff8
-
SHA1
25342d22ffb9659814f6d20548322c107ef0c972
-
SHA256
d9e816874564dd4f0b9d75e2041763f99bbfe197ce626fd5cd7d9c2d86f167bc
-
SHA512
1b3e014859fbb83d3de2b8abde5714ee5a51683a36e4e3c10c5813c9a88bed8a97e41f7088eba0267a5394138992527e4ea7a0b3f56dd823079ae45a9ee208d6
-
SSDEEP
49152:zce7Idjnv3xj0OELL2Ek0cEmef2LdCq/jPaUzbW:4GIdjv3xjz6L2V0cEm2qjPFW
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-