General

  • Target

    84e3df6b415ad077cb5bd639e67653c96f1bc7d26b016aae8784b92c34963fb0

  • Size

    330KB

  • Sample

    231211-jsn1tsada5

  • MD5

    022208d4a5a39f35c4208f6d1015ec87

  • SHA1

    bd756c299f2d20870dc6fba073d52080ddf2c44c

  • SHA256

    84e3df6b415ad077cb5bd639e67653c96f1bc7d26b016aae8784b92c34963fb0

  • SHA512

    f790c534a1984a962d1517ac49cfdfb2f557d7f5ca92b45b522426609958e0fd2f36cd11cfc2c471249ba6304f13cf24936ddac35cbb461f9ea53c1a414eb119

  • SSDEEP

    6144:+/VKP+xsudAM6JWGsSPhhStpC61i9VsKmIEUuW6Ndnrnx:+APssUw1LS7i9VsptUufrnx

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks