General
-
Target
f79527f6a0d44984813c08eabb0a41715ed7125cb466f52e5bb2db42443ab332
-
Size
108KB
-
Sample
221204-m51f6sce73
-
MD5
f6521e23da5fb9e84c00d2b3faa9c319
-
SHA1
ac0bcece942b03077345341779bc544418878a6d
-
SHA256
f79527f6a0d44984813c08eabb0a41715ed7125cb466f52e5bb2db42443ab332
-
SHA512
cd1a14d5a291c4b42b594fc0a4c1e1267653fcd669fb2c92377a47952ad8b73480e76a8ff8f5c42eb7bb88282bdf3661d69b7e076a12d7e00d458e563e09f898
-
SSDEEP
3072:aYVVWo4zw+6A1gSsh0lcs7zdsmOhNbt+g99zte8S:hVyzw+TsYzzSZzQg99zoh
Malware Config
Targets
-
-
Target
f79527f6a0d44984813c08eabb0a41715ed7125cb466f52e5bb2db42443ab332
-
Size
108KB
-
MD5
f6521e23da5fb9e84c00d2b3faa9c319
-
SHA1
ac0bcece942b03077345341779bc544418878a6d
-
SHA256
f79527f6a0d44984813c08eabb0a41715ed7125cb466f52e5bb2db42443ab332
-
SHA512
cd1a14d5a291c4b42b594fc0a4c1e1267653fcd669fb2c92377a47952ad8b73480e76a8ff8f5c42eb7bb88282bdf3661d69b7e076a12d7e00d458e563e09f898
-
SSDEEP
3072:aYVVWo4zw+6A1gSsh0lcs7zdsmOhNbt+g99zte8S:hVyzw+TsYzzSZzQg99zoh
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-