General
-
Target
bx89.exe.zip
-
Size
223KB
-
Sample
230327-lm8t6aeg8z
-
MD5
470920e8455a266abd433586769dbdc6
-
SHA1
d947cfa1220905dfe15926ca19b2b3da40e5aaab
-
SHA256
b4f1c8ddaee20a703db5f5a884986fcb115294d0a5408f26c41900b9ebd24c63
-
SHA512
6ae56ae63ec1b11580b7924470dfa7638b4c41e0a570264a40435bb9fa724e821ba392fff9ab2a875891cb6541e7cf83c54e4f6b0bd249a41f542f6333576e88
-
SSDEEP
6144:EFdvxzi2x1PnMYxjtPzpjeKmkKg+LauwpcUMyr8:EFdv4odMCRPtjesKir8
Malware Config
Targets
-
-
Target
bx89.exe
-
Size
291KB
-
MD5
c57d8ffc61838d5fead88fceb749a06f
-
SHA1
807c0acb337397488ed3b662c4952d9077b391d8
-
SHA256
ae2086e8789ec946f5ed43bf09cc86f407836707169f10d17a3aa8beec05bea2
-
SHA512
eee5250ad9ace8b2504f98f9db1b5e688f66e06bc32a54cdd24013b6758b23d5b25326b346f774cba4c7f03a1fffc6f342a573f74ba58fa3a9b3a3ae0fc22c8a
-
SSDEEP
6144:4nycc7/4D95sqBFR6MXP8A4O66MXP8A4OVoKZt:Mfc7wHBt6MXPA6MXPXh
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Adds Run key to start application
-
Drops file in System32 directory
-