General
-
Target
d320cae391e657808058b93046d25389921a2a41f1afd643148bbbc24c06d6ce
-
Size
20.2MB
-
Sample
221128-f4savade2v
-
MD5
58542378af6f2ea01d08d6134acc47a7
-
SHA1
a807a47680b844dc9645fb2dcd36a224ea8feaab
-
SHA256
d320cae391e657808058b93046d25389921a2a41f1afd643148bbbc24c06d6ce
-
SHA512
fa7da152d550dece6079176a22537e15e53b6486f58614bb09fba0eb32f0ebe8751bbd547cd33b5a6e3237280c543de2909b84524cbcb40e11270538d9f73d18
-
SSDEEP
393216:FpjdQkoM0mSmL5fcDa/NlYNvZk3QL4QjNRFC5YNKVwa+v8YAsL6SjEDtzn:FpjdjNSm1fIa/NlWN/w7TYAsL7qR
Malware Config
Targets
-
-
Target
d320cae391e657808058b93046d25389921a2a41f1afd643148bbbc24c06d6ce
-
Size
20.2MB
-
MD5
58542378af6f2ea01d08d6134acc47a7
-
SHA1
a807a47680b844dc9645fb2dcd36a224ea8feaab
-
SHA256
d320cae391e657808058b93046d25389921a2a41f1afd643148bbbc24c06d6ce
-
SHA512
fa7da152d550dece6079176a22537e15e53b6486f58614bb09fba0eb32f0ebe8751bbd547cd33b5a6e3237280c543de2909b84524cbcb40e11270538d9f73d18
-
SSDEEP
393216:FpjdQkoM0mSmL5fcDa/NlYNvZk3QL4QjNRFC5YNKVwa+v8YAsL6SjEDtzn:FpjdjNSm1fIa/NlWN/w7TYAsL7qR
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-