General
-
Target
940a9b6805bfdaa1523f55d20e5895ad.com.vir
-
Size
18KB
-
Sample
230322-jcxb9shd8t
-
MD5
940a9b6805bfdaa1523f55d20e5895ad
-
SHA1
ac37840fd87d9380ed40ab57f9ce411b002c37b6
-
SHA256
33e741219978b766b80213bdc5985c358f5100c297d43e4d30d6eb7794836ade
-
SHA512
c607941be78ae35440b10104a8b80423e00cbc6fa007a0c01b24f5e2460635e8ab9388658328adb0570df0cbfedfd94eb16efe1881367c265da8d4139b0d86f7
-
SSDEEP
384:x7HlMmf8xvauS6Pc6ki2UipTcV1VF0hXHMGBk7/UMQ3BIz:MmqvauSy2/+V1VaXLkj5
Malware Config
Targets
-
-
Target
940a9b6805bfdaa1523f55d20e5895ad.com.vir
-
Size
18KB
-
MD5
940a9b6805bfdaa1523f55d20e5895ad
-
SHA1
ac37840fd87d9380ed40ab57f9ce411b002c37b6
-
SHA256
33e741219978b766b80213bdc5985c358f5100c297d43e4d30d6eb7794836ade
-
SHA512
c607941be78ae35440b10104a8b80423e00cbc6fa007a0c01b24f5e2460635e8ab9388658328adb0570df0cbfedfd94eb16efe1881367c265da8d4139b0d86f7
-
SSDEEP
384:x7HlMmf8xvauS6Pc6ki2UipTcV1VF0hXHMGBk7/UMQ3BIz:MmqvauSy2/+V1VaXLkj5
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-