General

  • Target

    8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c

  • Size

    3.4MB

  • Sample

    221129-x3hhpaca71

  • MD5

    15eba7bd2980d8ff343148fab91e642f

  • SHA1

    9cd47a4945464bf9c0113b89c35ca0953eb1e1c5

  • SHA256

    8286cc589f3ec4178997bf34133842cd1d8004248e1741fcf2562588287def8c

  • SHA512

    7e516d77041899d21c4af1431d1805a238199852589dc494963349e9d7078174d8b9df992022f011f7ba74dd40cd9dd07d210054561a3e54a518361bdc926eac

  • SSDEEP

    49152:B2Ydv3ZO/jwLHBLRnUvOtStpYD9qV3aS6doH224GS8EhviL2uy8PBw/TMAvjlNBo:EuO/jK0wfD9qsvqjS8by8PEjVGokUk

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

  • Command and Control

    Web Service (T1102): 1

Tasks