General
-
Target
f9917e2ea993b3d6f29b9fed86124c2bfb7e686749d8c99eca5dc4514b1bb167
-
Size
1.5MB
-
Sample
240420-ev6ansha7z
-
MD5
d1f101cdac6ecc4b82f79fb6d2176877
-
SHA1
d92d48adfdf4981b318ba14b69a50ee214ae0759
-
SHA256
f9917e2ea993b3d6f29b9fed86124c2bfb7e686749d8c99eca5dc4514b1bb167
-
SHA512
1cdf474e8401d6e477bec7af48e367ad6a1aaff848569546da151c1204d2b8a0b7cecda44608969962768cd9c33381c7d23a07a312e1a9fb62f2d4ddfba5b7fc
-
SSDEEP
24576:+YFbkIsaPiXSVnC7Yp9zjNmZG8RRl9HFyzHt:+YREXSVMKi3a
Malware Config
Targets
-
-
Target
f9917e2ea993b3d6f29b9fed86124c2bfb7e686749d8c99eca5dc4514b1bb167
-
Size
1.5MB
-
MD5
d1f101cdac6ecc4b82f79fb6d2176877
-
SHA1
d92d48adfdf4981b318ba14b69a50ee214ae0759
-
SHA256
f9917e2ea993b3d6f29b9fed86124c2bfb7e686749d8c99eca5dc4514b1bb167
-
SHA512
1cdf474e8401d6e477bec7af48e367ad6a1aaff848569546da151c1204d2b8a0b7cecda44608969962768cd9c33381c7d23a07a312e1a9fb62f2d4ddfba5b7fc
-
SSDEEP
24576:+YFbkIsaPiXSVnC7Yp9zjNmZG8RRl9HFyzHt:+YREXSVMKi3a
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-