General

  • Target

    34c2d37434cb06c2874a49419d59ab45

  • Size

    228KB

  • Sample

    231225-w6tjpaege7

  • MD5

    34c2d37434cb06c2874a49419d59ab45

  • SHA1

    262fdec6d7ce86ddf2fbf35ec0fa466522bd9428

  • SHA256

    48de6adcb1e991d01fde17b73ec8e5441644e08065ff224bbd53dfbdf51d19d5

  • SHA512

    ab355b7eebbe651ad4681a89d8e46b0ec02eb1940a7110323a04a091dd439b3b888c86f7a88ecbc0ff8581e4340b54b670b318eec5d748bd8d89c923bc7df516

  • SSDEEP

    6144:93ouBn5oP8qxFrthTZW2665Qu46uYF4gK4:7Bn5oP8qxFrXv665Qu46uYe

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple China-based threat groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the MBR so that their code runs at boot, before the operating system loads, giving them persistence at a level below the OS.

    • Drops file in System32 directory

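The "Writes to the Master Boot Record (MBR)" signature is the one a responder most needs to verify on a real host. The following is an added example, not code from this sandbox report or from the sample: it parses sector 0, validates the 0x55AA signature and partition table, and compares the SHA-256 of the 440-byte boot-code region against a known-good baseline, since a bootkit typically rewrites the boot code while leaving the partition table intact so the machine still boots. The boot-code stubs, partition layout and disk signature below are constructed placeholders, not real boot code.

```python
"""Parse a Master Boot Record and flag tampering with its boot code.

Added example for the "Writes to the Master Boot Record (MBR)" signature;
not code from the sandbox report or from the sample. All sectors below are
constructed here for illustration.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code (legacy layout)
DISK_SIG_OFF = 440         # 4-byte Windows disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA
PART_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if type_id != 0:                       # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline: possible bootkit")
    if not any(p.bootable for p in info["partitions"]):
        findings.append("no active partition flagged")
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in info["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:                      # entries that overlap are never legitimate
            findings.append("overlapping partition entries")
            break
    return findings


def build_mbr(boot_code: bytes, partitions: list, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed 512-byte MBR (test helper; the content is not real boot code)."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed inputs: a placeholder "clean" loader stub and a different stub
# standing in for bootkit code. Neither is real boot code.
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
BOOTKIT_BOOT_CODE = bytes([0xEB, 0x3C, 0x90, 0xB8, 0x00, 0x00]).ljust(BOOT_CODE_LEN, b"\xCC")
PARTS = [Partition(True, 0x07, 2048, 204800)]        # one bootable NTFS-type partition

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTS)
INFECTED_MBR = build_mbr(BOOTKIT_BOOT_CODE, PARTS)   # same partition table, new boot code
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE))
```

On a live host, feed `check_mbr` the first 512 bytes read from the physical disk (`\\.\PhysicalDrive0` on Windows with administrator rights, `/dev/sda` on Linux), or better from a forensic image; the baseline hash must come from a known-good snapshot of the same disk, because legitimate boot code varies with the OS and the partitioning tool that wrote it. A GPT disk carries only a protective MBR, and some bootkits stash the original sector elsewhere on disk, so a hash mismatch is a lead to be confirmed against the sandbox behaviour above, not proof on its own.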