General
Target
bf6c9d2340dea27c57c88fcc6ef9ebd0bae328fb1c8287d2ff070eb34e1aea47
Size
524KB
Sample
230303-phd1rshd66
MD5
4ea22394625efd2dafda48c8461ac1ba
SHA1
3977916fc354e7f07a4544c0722985a18fd5e8eb
SHA256
bf6c9d2340dea27c57c88fcc6ef9ebd0bae328fb1c8287d2ff070eb34e1aea47
SHA512
b6859517824e9d20fd0107fd4a595b1cfed62a1f72d01ebbf68eb1b561805a2c9cb9b60137bbe2c748465e210abaf7f11fcba60e29600857b91454e63be00294
SSDEEP
12288:E+WdqQs//GAs/2ALUibIXeb8mfcw2C7FOtUVmT+2uICrvu:E+sqJ//MIE8mf72C7++2grvu
Static task
static1
Behavioral task
behavioral1
Sample
bf6c9d2340dea27c57c88fcc6ef9ebd0bae328fb1c8287d2ff070eb34e1aea47.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bf6c9d2340dea27c57c88fcc6ef9ebd0bae328fb1c8287d2ff070eb34e1aea47.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
bf6c9d2340dea27c57c88fcc6ef9ebd0bae328fb1c8287d2ff070eb34e1aea47
Score
10/10
Gh0st RAT payload
Executes dropped EXE
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Creates a Windows Service