General

  • Target

    8302a0b1569b7fa54162c927604ed4b473447ed3d1e32d69c0588b4645e66193

  • Size

    282KB

  • Sample

    240428-wy9wpsea4z

  • MD5

    08fffab38bc8c4fdd058bb8259b13239

  • SHA1

    62e11750d4637256222a499b641823a79df0a951

  • SHA256

    8302a0b1569b7fa54162c927604ed4b473447ed3d1e32d69c0588b4645e66193

  • SHA512

    c79d173cb935e326b6f9a70ff0974b1e0cec2db6c58bd46a6bd10a70964a3ac92eef3899184c00737d6371dd7cc0245fdd88c229d8216818b23342e50119a5be

  • SSDEEP

    6144:ME4rib+K6Zpa4C4jLvkjbtMjvpbYZ651NN+uBSTZ5D:MlibsZpa4Nkje9j2Yat

Score
10/10

Targets

    • Target

      8302a0b1569b7fa54162c927604ed4b473447ed3d1e32d69c0588b4645e66193

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
