General

  • Target

    fb32541431acd9996889006563e7997aa01a25729270d380cd9a144f0e2dbbe1

  • Size

    1.3MB

  • Sample

    240422-tp4l8add8z

  • MD5

    4e43ca5daf0c982cef2cf3f5978d8f2c

  • SHA1

    b0bc3e980512d4ff9c28fea6713768c39e4fd6f5

  • SHA256

    fb32541431acd9996889006563e7997aa01a25729270d380cd9a144f0e2dbbe1

  • SHA512

    74357dc2cd096862548cb5dcd6443831c6ec57c9f7bc9fee9d7109f7cc11985c4f5f53083c358ce6113692509992359b0b166f91e5a5d29ce0942eba6a07faec

  • SSDEEP

    24576:PYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnqyzaWib:PYREXSVMDi3zib

Malware Config

Targets

    • Target

      fb32541431acd9996889006563e7997aa01a25729270d380cd9a144f0e2dbbe1

    • Size

      1.3MB

    • MD5

      4e43ca5daf0c982cef2cf3f5978d8f2c

    • SHA1

      b0bc3e980512d4ff9c28fea6713768c39e4fd6f5

    • SHA256

      fb32541431acd9996889006563e7997aa01a25729270d380cd9a144f0e2dbbe1

    • SHA512

      74357dc2cd096862548cb5dcd6443831c6ec57c9f7bc9fee9d7109f7cc11985c4f5f53083c358ce6113692509992359b0b166f91e5a5d29ce0942eba6a07faec

    • SSDEEP

      24576:PYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnqyzaWib:PYREXSVMDi3zib

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks