General
-
Target
a0d89a8cb7cc1539cae2e1c6e7dee4835506179deab6e5183000ffe30e5f9005
-
Size
1.0MB
-
Sample
240319-m4tl8sad46
-
MD5
4531c46b0844e49db3b482ab0a8aaa99
-
SHA1
8bafe779083ca8a8c1edd9dc7995b1aaec75ccdb
-
SHA256
a0d89a8cb7cc1539cae2e1c6e7dee4835506179deab6e5183000ffe30e5f9005
-
SHA512
a9671f57c624d73266f36449bada1be9fe51e138a35d941ec725f628584fb72961ca5b6ea1e3c943baa3e0f492a56859fe8dd661c7d61309fa9e5dd0c96f0c55
-
SSDEEP
12288:M+UsITPsJnAyGnAMmyZE+qwc1/ConIsrwk9:M+fITPTywNi+qksi
Static task
static1
Behavioral task
behavioral1
Sample
a0d89a8cb7cc1539cae2e1c6e7dee4835506179deab6e5183000ffe30e5f9005.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a0d89a8cb7cc1539cae2e1c6e7dee4835506179deab6e5183000ffe30e5f9005.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
a0d89a8cb7cc1539cae2e1c6e7dee4835506179deab6e5183000ffe30e5f9005
Score
10/10
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-