General
-
Target
b2b932bd02b0f2511db8b5c3b5759dc901ed4ca6446948170ad573fe7df58e9e
-
Size
3.5MB
-
Sample
240523-vza84aad93
-
MD5
8e1d90f09e0627a3b6225ae5be6ce80d
-
SHA1
578fd8c25ce5ef60dd5786940e90a44f3ff420cc
-
SHA256
b2b932bd02b0f2511db8b5c3b5759dc901ed4ca6446948170ad573fe7df58e9e
-
SHA512
9ae682cf05c361e49778f5fb589c5da00997919ce72ea56a7cf588560557b77e9b93e4ea450ee2dce972c41216a9c51e0b4ba2ffecfde60f00ca579f7939a65d
-
SSDEEP
98304:A1VVv28GMAMV4nsmtk2aSrJpmPhekGZvQYocMRMh6:ytGLLpt6
Malware Config
Targets
-
-
Target
b2b932bd02b0f2511db8b5c3b5759dc901ed4ca6446948170ad573fe7df58e9e
-
Size
3.5MB
-
MD5
8e1d90f09e0627a3b6225ae5be6ce80d
-
SHA1
578fd8c25ce5ef60dd5786940e90a44f3ff420cc
-
SHA256
b2b932bd02b0f2511db8b5c3b5759dc901ed4ca6446948170ad573fe7df58e9e
-
SHA512
9ae682cf05c361e49778f5fb589c5da00997919ce72ea56a7cf588560557b77e9b93e4ea450ee2dce972c41216a9c51e0b4ba2ffecfde60f00ca579f7939a65d
-
SSDEEP
98304:A1VVv28GMAMV4nsmtk2aSrJpmPhekGZvQYocMRMh6:ytGLLpt6
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-