General
-
Target
323e851ce262a9efbc96176a8720971df71e436470af0b08ff2bf755079aed20
-
Size
36KB
-
Sample
230322-fn7etsfa23
-
MD5
06ec1ed9031b5f8c57dd5c1550d2c26e
-
SHA1
ca0ff93b43e81348b25151e666e024b88f1c05ba
-
SHA256
323e851ce262a9efbc96176a8720971df71e436470af0b08ff2bf755079aed20
-
SHA512
b828a008ec92b1b423765368b7460b2ac3732b59058ecdbc8a48f88821bcc52279d9581c377be3231859f13f3ebc2a0aba14f7ee820d385e811d2e63ea293c01
-
SSDEEP
192:tXU60V/WmoI+af4R9JNRcJLef3Rmtj0IRmtSgUoynaYgH9L1nnCQBRmlFQ93M3pc:tk60V/wI4PJhGYSGS10tdLVC+w7QSc
Malware Config
Targets
-
-
Target
323e851ce262a9efbc96176a8720971df71e436470af0b08ff2bf755079aed20
-
Size
36KB
-
MD5
06ec1ed9031b5f8c57dd5c1550d2c26e
-
SHA1
ca0ff93b43e81348b25151e666e024b88f1c05ba
-
SHA256
323e851ce262a9efbc96176a8720971df71e436470af0b08ff2bf755079aed20
-
SHA512
b828a008ec92b1b423765368b7460b2ac3732b59058ecdbc8a48f88821bcc52279d9581c377be3231859f13f3ebc2a0aba14f7ee820d385e811d2e63ea293c01
-
SSDEEP
192:tXU60V/WmoI+af4R9JNRcJLef3Rmtj0IRmtSgUoynaYgH9L1nnCQBRmlFQ93M3pc:tk60V/wI4PJhGYSGS10tdLVC+w7QSc
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-