General
-
Target
1695bb54d473710584deaea09824453d.bin
-
Size
731KB
-
Sample
230328-bkyajaaa6t
-
MD5
8d577aea7d956ef18e46fa9bf492eed8
-
SHA1
5d690be9ded1ee5d9a68c5d47dc2f12affe4883a
-
SHA256
f0d593b714eb6eb4dc95defbfee61d2fd6a165b1e9c30fb6e36ea9380e164686
-
SHA512
1cdfd9f055ed6a9333ec474267add7b18f781903e4c8171f2da243be1ca9104e8be64ea95ff12b879d078009694089f3ffa74a0b689c0ca56043b1e90fd3382f
-
SSDEEP
12288:TjWPs8iUMevrE9+w0wAva3VOl8XShkWLAsgLD1nf1Lf7CPmziD63PU88vLVvvWzt:NaHvA1VYuXXSHxwnfBfVEh3Bn04dsn
Malware Config
Extracted
gh0strat
3012.qmananan.com
Targets
-
-
Target
4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987.exe
-
Size
756KB
-
MD5
1695bb54d473710584deaea09824453d
-
SHA1
ae6c0208b51ebb24b13af88cab7123480c07beab
-
SHA256
4065b126e2bab0d42bc96688134c686d610a6bdf3eebeef8659420704f650987
-
SHA512
e1074bbbf7530bcfea821087bd45b89f93b2a827a9c68aebcc40338ab80c9fb73e38aef1685b60ac41468236b84824f84772589b846ca18b809f25e83744c521
-
SSDEEP
12288:JxrE/92MglVjlqb3mb/niyWUF5pJNu5e9KXkkMGN7oVGOUwbz/YBrU3s/A1:JdqXLW/iyWUFv0O8oVPUoYBKf
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-