General

  • Target: c2cd7559bc0e6e6cc250a5c26559f2d73f8e44e46832207c51e854e1492f635f
  • Size: 9.4MB
  • Sample: 240428-z3115shd32
  • MD5: fb4dbbabc5cb12cdf0e7a3410089e382
  • SHA1: 2a72c6b23e11a007f7b4a73c37232a0ab468da0e
  • SHA256: c2cd7559bc0e6e6cc250a5c26559f2d73f8e44e46832207c51e854e1492f635f
  • SHA512: 5b2a4906298ee2de0b443ce8793c07167c98ffd0e3ff910584f9a5b8d2e31c4e05015f759c7eacc08eb70c1532b8a1ae92dee2b17d51f66fb4b90cdc5c0d6689
  • SSDEEP: 6144:AQyLEbWaR5CcyzKKwPo+B1IcWn29BpwNZHZLpy2JhhhhhhhhhhhhhhhZb5HHHHH/:BUaWaR5vHsco2tw1LHRp

Malware Config

Extracted

  • Family: gh0strat
  • C2: 192.252.182.95

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks