General
-
Target
e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
-
Size
2.3MB
-
Sample
240425-qkxfkaba9v
-
MD5
5bd70186899c032e2f05fe9894c02698
-
SHA1
5a3a792a406f7a75c58e1b72fe24acffb8b088bd
-
SHA256
e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
-
SHA512
1049c54a7c2ccd36bef6cee5853da8e931889fbe045b0a189e6d13090df8b443ed228f3abe9ba4dc8338eee3a97fd6b6e2a5267e35f9a90a8b35cf109c0ea790
-
SSDEEP
49152:x1vKR2L2PzCOXeiBFuKqFt9yW3Dv5lju+AVJ366N5zr9pgNrZgX8IwQk0:v8TeEFuKqFtcWTRljuZj9pigX8If
Malware Config
Targets
-
-
Target
e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
-
Size
2.3MB
-
MD5
5bd70186899c032e2f05fe9894c02698
-
SHA1
5a3a792a406f7a75c58e1b72fe24acffb8b088bd
-
SHA256
e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
-
SHA512
1049c54a7c2ccd36bef6cee5853da8e931889fbe045b0a189e6d13090df8b443ed228f3abe9ba4dc8338eee3a97fd6b6e2a5267e35f9a90a8b35cf109c0ea790
-
SSDEEP
49152:x1vKR2L2PzCOXeiBFuKqFt9yW3Dv5lju+AVJ366N5zr9pgNrZgX8IwQk0:v8TeEFuKqFtcWTRljuZj9pigX8If
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1