General
-
Target
bf09c36235b5b0e8987b45c4490204ebcacb57faa1642935a5a30bf60cd41694
-
Size
1.6MB
-
Sample
221201-tnvb6aac2t
-
MD5
5494d9f5d2eec8b803041ba210bff026
-
SHA1
76aa06b1d31f11b24649432940ac3c5a7196e305
-
SHA256
bf09c36235b5b0e8987b45c4490204ebcacb57faa1642935a5a30bf60cd41694
-
SHA512
9b30fb8a286ceb3bfdd1d4c9207f89567e15aa2a9a804ba1e11dd49337c87faef16611b4f78d47780f6b39aad4b6be251ab5c0c6fa8773e13808c10e4baf1eef
-
SSDEEP
49152:Z3ytBb4ViBVjpVYVvHCSTniLGUFVrAFFZLmz:MtBb4V+WaSTni6IFs2
Malware Config
Targets
-
-
Target
bf09c36235b5b0e8987b45c4490204ebcacb57faa1642935a5a30bf60cd41694
-
Size
1.6MB
-
MD5
5494d9f5d2eec8b803041ba210bff026
-
SHA1
76aa06b1d31f11b24649432940ac3c5a7196e305
-
SHA256
bf09c36235b5b0e8987b45c4490204ebcacb57faa1642935a5a30bf60cd41694
-
SHA512
9b30fb8a286ceb3bfdd1d4c9207f89567e15aa2a9a804ba1e11dd49337c87faef16611b4f78d47780f6b39aad4b6be251ab5c0c6fa8773e13808c10e4baf1eef
-
SSDEEP
49152:Z3ytBb4ViBVjpVYVvHCSTniLGUFVrAFFZLmz:MtBb4V+WaSTni6IFs2
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-