General

  • Target

    59fd7df4625ce3480e806144a007080f.bin

  • Size

    288KB

  • Sample

    240505-bqc7jsab2s

  • MD5

    826acf1a10676d89942b5fb41a8aaa99

  • SHA1

    746b5282d5de633ffcd6ac486a2bd5eff4b5b66c

  • SHA256

    19c25bd6ef042acbf3ec1e8e32e0801fd6364bf77d71194c0791bd58eca2abf7

  • SHA512

    eeb71f573d4975ae7e95b47b1393af50e58be237fed7c8ba7310a433fb793f3e7e3ceb759759cb83fe36dbf7c57bf3a5208d4a1e39d2a39910c23d112609e6b9

  • SSDEEP

    6144:rz7TzhoMafG4bgDA/y8QZUFjR9xI+Ckaa5IK7+9B1U1s:/bpa+4key8QZOlzI+Ck5I0+f1U1s

Malware Config

Targets

    • Target

      a6b9710a78f50e1083d7e4c543c477fd6331c7ca47a50c71a182160e5741c1b6.exe

    • Size

      576KB

    • MD5

      59fd7df4625ce3480e806144a007080f

    • SHA1

      e16d898d304af9c9fae5ca78e3241ddd9fee8dc9

    • SHA256

      a6b9710a78f50e1083d7e4c543c477fd6331c7ca47a50c71a182160e5741c1b6

    • SHA512

      e83abeb86c62ad8408953955e970695a48fb257a1d9ffaf7a612e1704e2e02c5b2744691be4601edb575006ac3a99cdd2bc7829de1413c0d0c65c1efc1d44748

    • SSDEEP

      12288:HruM9FNatyT3gNCpOdn/uYcZNJ7QD7HZ5rbx:K+atynpOd/ozJO7HX

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Drops file in System32 directory
