General

  • Target

    558e80fb074836c42b5d54d3f20839f1eaab3d8168d0fc4aae1435231e0d359e

  • Size

    1.1MB

  • Sample

    230325-m1apyscc95

  • MD5

    c6e5abd2b25c38c7f5b94498565f7d6b

  • SHA1

    26337d29590fcf03be19f1afb0fdda66e53bd8da

  • SHA256

    558e80fb074836c42b5d54d3f20839f1eaab3d8168d0fc4aae1435231e0d359e

  • SHA512

    58a9a233f89ea16dbfce97f92523cbfd8367ba693c0a695ac9103f0e48611492e0607be3c93db47045668f726fa39d22c196ba817d4eb22d2351eba0e1e44b9c

  • SSDEEP

    24576:i7+jI5iB5Rg/IkBd16JSsvB5h8/rmOWn:n3kBd4vaNWn

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

3005.qmananan.com

Targets

    • Target

      558e80fb074836c42b5d54d3f20839f1eaab3d8168d0fc4aae1435231e0d359e

    • Size

      1.1MB

    • MD5

      c6e5abd2b25c38c7f5b94498565f7d6b

    • SHA1

      26337d29590fcf03be19f1afb0fdda66e53bd8da

    • SHA256

      558e80fb074836c42b5d54d3f20839f1eaab3d8168d0fc4aae1435231e0d359e

    • SHA512

      58a9a233f89ea16dbfce97f92523cbfd8367ba693c0a695ac9103f0e48611492e0607be3c93db47045668f726fa39d22c196ba817d4eb22d2351eba0e1e44b9c

    • SSDEEP

      24576:i7+jI5iB5Rg/IkBd16JSsvB5h8/rmOWn:n3kBd4vaNWn

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks