General
-
Target
dbd21a27becfd6c09a1844dc99242edde5af128aead786f59ce124f24a139e33
-
Size
188KB
-
Sample
231106-hx6k1ahg2v
-
MD5
6a0c551a1c5945c3314212f00ec492b8
-
SHA1
a96ca2c4d3f2ec76c62b8880530358dacccee13e
-
SHA256
dbd21a27becfd6c09a1844dc99242edde5af128aead786f59ce124f24a139e33
-
SHA512
b01142692362462204bb894c3dec94fbb8746843ed9dce65b196ba888a5dda08f67daa6c03dcc612b4ffd2482320b8107a1b8a6c3ede429a0b653c0a27d242dc
-
SSDEEP
3072:VUDBHy4BBy6eFJrmmIewRxMoJSQaqrtI/jYmq:V0yB6oJrcR/QRqrGj7
Malware Config
Targets
-
-
Target
dbd21a27becfd6c09a1844dc99242edde5af128aead786f59ce124f24a139e33
-
Size
188KB
-
MD5
6a0c551a1c5945c3314212f00ec492b8
-
SHA1
a96ca2c4d3f2ec76c62b8880530358dacccee13e
-
SHA256
dbd21a27becfd6c09a1844dc99242edde5af128aead786f59ce124f24a139e33
-
SHA512
b01142692362462204bb894c3dec94fbb8746843ed9dce65b196ba888a5dda08f67daa6c03dcc612b4ffd2482320b8107a1b8a6c3ede429a0b653c0a27d242dc
-
SSDEEP
3072:VUDBHy4BBy6eFJrmmIewRxMoJSQaqrtI/jYmq:V0yB6oJrcR/QRqrGj7
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-