General

  • Target

    44c220651856acc5554db7067e2cc4205a947044142604f6482952e802cf36b5

  • Size

    141KB

  • Sample

    240422-yz9y7sff9s

  • MD5

    20106927ddeb4caa29d0c4879bc82f3d

  • SHA1

    5bbb91b7c923a3b81ab7baa3122ae1f76a9899f8

  • SHA256

    44c220651856acc5554db7067e2cc4205a947044142604f6482952e802cf36b5

  • SHA512

    11f8b8b0a50026017e21d76c171b44a8f661af63676b95b6ac88a97f06801e97e7f5ebf0b22a5bfa34ca82e2ff8f051ffc6f6dbd141cc6e5656e0250b0cf5c82

  • SSDEEP

    3072:nUDBHy4BBy6eFJrmmIewRxMzJSQ6rVf0SAeq:n0yB6oJrcRMQxrVf3

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Suspicious use of SetThreadContext
