General

  • Target

    http://193.42.40.120:65532/

  • Sample

    240406-hts6hadb2z

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

198.13.46.131:8989

Targets

    • Target

      http://193.42.40.120:65532/

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Stops running service(s)

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks