General

  • Target

    f9996872f69549f1e1634395c6d2711a83c94f17cdec36ab6d98d408ec094545

  • Size

    580KB

  • Sample

    240422-wxk6ysee5t

  • MD5

    4e5a387334d5eda1903c1077f24da7d3

  • SHA1

    ca77850ba4f896ce3c6687422f6903e8ca64df75

  • SHA256

    f9996872f69549f1e1634395c6d2711a83c94f17cdec36ab6d98d408ec094545

  • SHA512

    5650a0f630c503c700e17f1cba70bf9720457b108e0e99403e433b8f093863acac02b99239cd280dfef51e7bb69f475307060f634e7ba62f1fe4d3757f6f77ba

  • SSDEEP

    12288:gkrd4t/tY+MBqLgsAPTX3jf9NSmzdCFXjegDffpx+/YwnH7uEhKiaJ:gm4ltY+RgsAn3n4FBDnpsgwSEhKi

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
