General

  • Target

    6715e7c02ecb8b12564dc76393e5da7b7fce84cb352d7630d13c62da33a6b5dc

  • Size

    121KB

  • Sample

    221204-v4v43aef2x

  • MD5

    eed9987999b2d9ed351671d18fd75cf9

  • SHA1

    405a5e5a50fd09946ad1b1ca7e0e3e842867d196

  • SHA256

    6715e7c02ecb8b12564dc76393e5da7b7fce84cb352d7630d13c62da33a6b5dc

  • SHA512

    66daf879ef879bb10f826d49a10ae48200931bc0fbe69307b27ce5932bf64e73a17fb95c5c4ce0df69fd58f4e739e880526228fd1389c2c3473a4bc27a3bfa76

  • SSDEEP

    3072:4Z8SEPx9N0UlGnzrlfymXC8TykNZvzSttnqEFaA:4Z8BPx9h+3omyAzZbiqET

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060)

  • Defense Evasion

    Modify Registry (T1112)
