General

  • Target

    4915e13ff1642028c458dd576c44142f.exe

  • Size

    170KB

  • Sample

    240107-yaastacfdp

  • MD5

    4915e13ff1642028c458dd576c44142f

  • SHA1

    f731af1b5acdcc376cab976eeeaa196646fdbcb9

  • SHA256

    ba18b133270ec5ac4f95db3657754e69a7c210e38d031d8839d6b6def5785a73

  • SHA512

    cabf6cfc707633afcb023e09f34945ace4a0f369ed968e9e20d5b66a1a63a54b69a4b4c75ef00a2124365ec8af2d92033d70450023d9d89de04b5f0d7ed4134a

  • SSDEEP

    3072:ALk395hYXJag6e5gEZDQQghyGl7b20cHPi+0XLTU8xlEl:AQq+eassQg0i2nq+0bTFlQ

Malware Config

Targets

    • Target

      4915e13ff1642028c458dd576c44142f.exe

    • Size

      170KB

    • MD5

      4915e13ff1642028c458dd576c44142f

    • SHA1

      f731af1b5acdcc376cab976eeeaa196646fdbcb9

    • SHA256

      ba18b133270ec5ac4f95db3657754e69a7c210e38d031d8839d6b6def5785a73

    • SHA512

      cabf6cfc707633afcb023e09f34945ace4a0f369ed968e9e20d5b66a1a63a54b69a4b4c75ef00a2124365ec8af2d92033d70450023d9d89de04b5f0d7ed4134a

    • SSDEEP

      3072:ALk395hYXJag6e5gEZDQQghyGl7b20cHPi+0XLTU8xlEl:AQq+eassQg0i2nq+0bTFlQ

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks