General
-
Target
b7b4d5f06394d0d5bf9f5d08929e0639fd52cbdc49a16140a8326956ba6d7057
-
Size
261KB
-
Sample
240420-ccl3zaed5y
-
MD5
0f5ee9b030bd02b9c004590516c10e50
-
SHA1
8401ab40b0bee41f1a33d81636ec8951ed284260
-
SHA256
b7b4d5f06394d0d5bf9f5d08929e0639fd52cbdc49a16140a8326956ba6d7057
-
SHA512
0e3384b67e723e22c72bb12c2f0466efbc226d810f588a3797c6a7a1fa91841adaaea6514891ca56a043835e69809c7774b40361593e8666fddb4513edba4476
-
SSDEEP
6144:YtxkogeWOWQSE7MnI23PDvjGsoozQ9bVxbYR8f:YtxkogeWOWxEId3rv6kgxy8f
Malware Config
Targets
-
-
Target
b7b4d5f06394d0d5bf9f5d08929e0639fd52cbdc49a16140a8326956ba6d7057
-
Size
261KB
-
MD5
0f5ee9b030bd02b9c004590516c10e50
-
SHA1
8401ab40b0bee41f1a33d81636ec8951ed284260
-
SHA256
b7b4d5f06394d0d5bf9f5d08929e0639fd52cbdc49a16140a8326956ba6d7057
-
SHA512
0e3384b67e723e22c72bb12c2f0466efbc226d810f588a3797c6a7a1fa91841adaaea6514891ca56a043835e69809c7774b40361593e8666fddb4513edba4476
-
SSDEEP
6144:YtxkogeWOWQSE7MnI23PDvjGsoozQ9bVxbYR8f:YtxkogeWOWxEId3rv6kgxy8f
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-