General

  • Target

    59fd7df4625ce3480e806144a007080f.exe

  • Size

    576KB

  • Sample

    240503-1bwg1sac32

  • MD5

    59fd7df4625ce3480e806144a007080f

  • SHA1

    e16d898d304af9c9fae5ca78e3241ddd9fee8dc9

  • SHA256

    a6b9710a78f50e1083d7e4c543c477fd6331c7ca47a50c71a182160e5741c1b6

  • SHA512

    e83abeb86c62ad8408953955e970695a48fb257a1d9ffaf7a612e1704e2e02c5b2744691be4601edb575006ac3a99cdd2bc7829de1413c0d0c65c1efc1d44748

  • SSDEEP

    12288:HruM9FNatyT3gNCpOdn/uYcZNJ7QD7HZ5rbx:K+atynpOd/ozJO7HX

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Drops file in System32 directory
