General

  • Target

    dc48261b7477dfadaf2c526901e47e023ac4fff04e7344e0cd4fcd37a0419ad9

  • Size

    5.8MB

  • Sample

    231221-mxejqsbcb6

  • MD5

    df429aab8166b10a4729916282a23f09

  • SHA1

    aceeea4d31bbea805bd6c241236b925a7ec888ea

  • SHA256

    dc48261b7477dfadaf2c526901e47e023ac4fff04e7344e0cd4fcd37a0419ad9

  • SHA512

    e9d2d477c55d8625e84e49cd22e8c69cb2e19838d72e5c6a694e935fe0ea614fe6e541a890fcfe6cd5640872bd3c89edc7c19d3258a2d84ffe18f5ad3ba352cd

  • SSDEEP

    98304:YBGw4JTYdg7szAofgIXl+a4Jkl5UD9Qo934HxM5mxt2Nv6GAsF7EyZ1pjZBTzFE9:YBGw4JmqcxgYl+a4JmUJFIRMAU6AvfjO

Malware Config

Targets

    • Target

      dc48261b7477dfadaf2c526901e47e023ac4fff04e7344e0cd4fcd37a0419ad9


    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
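The report above lists the sample's digests and flags both UPX and VMProtect packer hits. As an added example (not part of the sandbox report or its signature rules), the Python below reproduces the hashing and a minimal form of the packer check by reading section names straight from the PE section table, plus the `UPX!` marker UPX leaves in its loader-info block. `build_fake_pe` constructs a synthetic PE32 header so the script runs offline without the real sample; the packer section-name lists are common defaults chosen for this example, not the sandbox's rules, and ssdeep is omitted because it needs a third-party library.

```python
import hashlib
import struct

# Section names the common packers leave behind; an assumption for this
# example, not the sandbox's signature rules.
PACKER_SECTIONS = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "VMProtect": {".vmp0", ".vmp1", ".vmp2"},
}


def hashes(data: bytes) -> dict:
    """Return the digest set the report lists (ssdeep needs an external library)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return section names in file order. Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # optional header starts at +24
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            break                             # truncated section table
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def packer_hints(data: bytes) -> dict:
    """Map packer name -> evidence found. Section names are a weak signal:
    a UPX build with renamed sections only shows up via the 'UPX!' marker."""
    names = set(pe_section_names(data))
    hits = {}
    for packer, sigs in PACKER_SECTIONS.items():
        matched = sorted(names & sigs)
        if matched:
            hits[packer] = matched
    if b"UPX!" in data:                       # UPX loader-info magic
        hits.setdefault("UPX", []).append("UPX! marker")
    return hits


def build_fake_pe(section_names, opt_size=224) -> bytes:
    """Constructed minimal PE32 header (not a real sample) so the parser can be
    exercised offline; only the fields the parser reads are meaningful."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\x00" * (opt_size - 2)   # PE32 magic, rest zeroed
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + coff + opt + sections


def triage(path: str) -> dict:
    """Hash a file on disk and report packer evidence; compare the sha256
    against the report before trusting any of the other findings."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"hashes": hashes(data), "packers": packer_hints(data)}


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(hashes(sample)["sha256"], packer_hints(sample))
```

Run it as `python triage.py sample.bin` and check that the printed SHA256 matches the report's value before reading anything into the packer output; with no argument it runs on the constructed header. Section-name matching will miss a UPX build whose sections were renamed, which is exactly the "modified UPX" case the sandbox rule calls out, so treat an empty result as "no evidence" rather than "not packed".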

MITRE ATT&CK Enterprise v15

Tasks