General
-
Target
a84e4a294bfff86fd236b92cecba7cf8dfdc4d8faff5fad6d11e2b767846758b
-
Size
260KB
-
Sample
221206-v91azace21
-
MD5
506130a01fb117dcb83ae41ea706b21d
-
SHA1
a019464e062feb4354ac216d67c097808f6a2a38
-
SHA256
a84e4a294bfff86fd236b92cecba7cf8dfdc4d8faff5fad6d11e2b767846758b
-
SHA512
8140bdca34f8b9b49251fd4dc5a8d01a1fcd471ab55851d198b2c9eb50ea9eb85fb8a413f45bd045065f11a48f7a1db39818aed87c441e70a5aa1d0c2fb2ae00
-
SSDEEP
6144:nCcOgechPQSE7M2IpkOZBdYHEzodH9aQw:KgeiPxEIDBqHEzo185
Malware Config
Targets
-
-
Target
a84e4a294bfff86fd236b92cecba7cf8dfdc4d8faff5fad6d11e2b767846758b
-
Size
260KB
-
MD5
506130a01fb117dcb83ae41ea706b21d
-
SHA1
a019464e062feb4354ac216d67c097808f6a2a38
-
SHA256
a84e4a294bfff86fd236b92cecba7cf8dfdc4d8faff5fad6d11e2b767846758b
-
SHA512
8140bdca34f8b9b49251fd4dc5a8d01a1fcd471ab55851d198b2c9eb50ea9eb85fb8a413f45bd045065f11a48f7a1db39818aed87c441e70a5aa1d0c2fb2ae00
-
SSDEEP
6144:nCcOgechPQSE7M2IpkOZBdYHEzodH9aQw:KgeiPxEIDBqHEzo185
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-