General

  • Target

    148c5b2cb00c6f578823dfddd779b77bee344ef27cbe22009dec9b5c834ad6d3

  • Size

    380KB

  • Sample

    240124-axh6psdfdl

  • MD5

    12309943b39c69df6370ff403d7a4171

  • SHA1

    bc836b00a639388422e08ae612ac6dbcf948dbfa

  • SHA256

    148c5b2cb00c6f578823dfddd779b77bee344ef27cbe22009dec9b5c834ad6d3

  • SHA512

    034bf62c46c9ae128abfb4c2f4ddc87c436b2fcdc7449f18304b4f0e0597888a01ad7e6262c99bcbd1b6d53fa588d0cd3ebd0da138a719eb81906719c746b1ba

  • SSDEEP

    3072:VfK/yLrQbWaR5Qax8qr/YtImroxSnOPMfZSa3aVz9TWFHZg:VeyLEbWaR5CqrPioxSOUH3abWFHZg

Malware Config

  • Extracted

    Family: metasploit
    Version: windows/reverse_http
    C2: http://192.168.5.121:8000/8R_B1

  • Extracted

    Family: gh0strat
    C2: free.idcfengye.com

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
