General

  • Target

    85d8e12539da00db40b7bb23ce0f241dcf8a27bc1f1d050dde5e4e29d6c617bf

  • Size

    358KB

  • Sample

    231210-kvxanacgel

  • MD5

    23fc9b00d4cc9525f9aefa898fb9b1ca

  • SHA1

    728e65830e268efbb148d6adc3fb5b152965ce67

  • SHA256

    85d8e12539da00db40b7bb23ce0f241dcf8a27bc1f1d050dde5e4e29d6c617bf

  • SHA512

    07d4897e64908cca072c1c160fc95cf642814baf6d6f4a86004ffcb1c8f0b409d6984953b183393e778ee3bee1f766cc76370e5f950487d81112fe34cdec4b2f

  • SSDEEP

    6144:K7VkAiWJGxeRJ3ppjySVZEGTDaY1F+C/tf0kzhz1YZ/wXtVO:KqneRZpdLsGSCM8VBhz1+/atA

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks