General
-
Target
5a273c6dfd7b925f11e622ae164fb3b1b16f41519ad3aff52b0c33cacd55952d
-
Size
4.2MB
-
Sample
240523-rn459aea7y
-
MD5
32731fefb5badec0681ed1664d552d0d
-
SHA1
46f92f493f4458bcfa0677571a8bf79607e365d3
-
SHA256
5a273c6dfd7b925f11e622ae164fb3b1b16f41519ad3aff52b0c33cacd55952d
-
SHA512
a1d07ab13003ba08b24a823f8ad9ba7df695f1192977d18a94c71ee6332fafb34ed3db6197fc0abacb3e47fcfce34c7ae39cb43fc62440354879127d7bd20f0b
-
SSDEEP
49152:yYREXSVMDi3vbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:X2SVMD8vbXsPN5kiQaZ56
Malware Config
Targets
-
-
Target
5a273c6dfd7b925f11e622ae164fb3b1b16f41519ad3aff52b0c33cacd55952d
-
Size
4.2MB
-
MD5
32731fefb5badec0681ed1664d552d0d
-
SHA1
46f92f493f4458bcfa0677571a8bf79607e365d3
-
SHA256
5a273c6dfd7b925f11e622ae164fb3b1b16f41519ad3aff52b0c33cacd55952d
-
SHA512
a1d07ab13003ba08b24a823f8ad9ba7df695f1192977d18a94c71ee6332fafb34ed3db6197fc0abacb3e47fcfce34c7ae39cb43fc62440354879127d7bd20f0b
-
SSDEEP
49152:yYREXSVMDi3vbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:X2SVMD8vbXsPN5kiQaZ56
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-