General

  • Target

    b2e5250416f92de42cfc20c2e0643b4a

  • Size

    105KB

  • Sample

    240304-xxrt6sbf48

  • MD5

    b2e5250416f92de42cfc20c2e0643b4a

  • SHA1

    6a89c1033c082e93be2b8ea3df3a8d9d9bab69aa

  • SHA256

    6b05ed7e5b924194544b0a9e20d6c43d8b53d2e53b64c5e3e22b2081329d048e

  • SHA512

    198e7f93160c6dc66155500b062d718e859ef645e850994109590539ff7e97780f20b28fda92ad90eed057241c53ba5478ff867f4abef6eb313b0abc17617bcd

  • SSDEEP

    3072:AXbTlJWxt90WmS7mbySjzk9yYxtMBU8Ww0FsxXGks4D:s3lJWxt9NmkmbySjzxmMW7w0GxXps4D

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks