General

  • Target: 4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987
  • Size: 756KB
  • Sample: 230326-ss2flaah7v
  • MD5: 1695bb54d473710584deaea09824453d
  • SHA1: ae6c0208b51ebb24b13af88cab7123480c07beab
  • SHA256: 4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987
  • SHA512: e1074bbbf7530bcfea821087bd45b89f93b2a827a9c68aebcc40338ab80c9fb73e38aef1685b60ac41468236b84824f84772589b846ca18b809f25e83744c521
  • SSDEEP: 12288:JxrE/92MglVjlqb3mb/niyWUF5pJNu5e9KXkkMGN7oVGOUwbz/YBrU3s/A1:JdqXLW/iyWUFv0O8oVPUoYBKf

Score: 10/10

Malware Config (extracted)

  • Family: gh0strat
  • C2: 3012.qmananan.com

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 2

Tasks