General
-
Target
db662a0f7a4b2e48f6f6c43cea40e6889f3b5e3c9ff993a93dc66acc3df8ec09
-
Size
872KB
-
Sample
221202-vnxyqaga85
-
MD5
9763281bcec6c05791d4e1020ee09230
-
SHA1
ab8490c0cc26ce8c77bfc75421fdfcd06ba1b9dd
-
SHA256
db662a0f7a4b2e48f6f6c43cea40e6889f3b5e3c9ff993a93dc66acc3df8ec09
-
SHA512
5dc3d7d88df1266d1a24b22fe6750037026844df468675b3a08e95374b8888651a4a48f04052bbb3f794def17ee347b890527307e021d125b877fb2367ce3436
-
SSDEEP
12288:wQYpf4lzJD8+WoLWGdMgEjDvrDxqAtZ+xQgzExi1:wQYMD8BoKG+gEjHDxOQgzExi1
Malware Config
Targets
-
-
Target
db662a0f7a4b2e48f6f6c43cea40e6889f3b5e3c9ff993a93dc66acc3df8ec09
-
Size
872KB
-
MD5
9763281bcec6c05791d4e1020ee09230
-
SHA1
ab8490c0cc26ce8c77bfc75421fdfcd06ba1b9dd
-
SHA256
db662a0f7a4b2e48f6f6c43cea40e6889f3b5e3c9ff993a93dc66acc3df8ec09
-
SHA512
5dc3d7d88df1266d1a24b22fe6750037026844df468675b3a08e95374b8888651a4a48f04052bbb3f794def17ee347b890527307e021d125b877fb2367ce3436
-
SSDEEP
12288:wQYpf4lzJD8+WoLWGdMgEjDvrDxqAtZ+xQgzExi1:wQYMD8BoKG+gEjHDxOQgzExi1
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-