General
-
Target
93aab9b8915062b7485e525f3a1dde095cb9ecde795bbb5cadeacc0678305518
-
Size
1.3MB
-
Sample
240525-xwb3bsfc97
-
MD5
55e982207fbdaf7adc0abd88ae6374a3
-
SHA1
c2a19282affac38663120b0737361943792cf0b8
-
SHA256
93aab9b8915062b7485e525f3a1dde095cb9ecde795bbb5cadeacc0678305518
-
SHA512
d24a869abb15653e26bc0ed76befd9b84b7700b0949ef2cf8997f661fc6e7f83c9ad468c70bc5069bcecfb36a4ce5d9dfaab4b75ab1327e6ecbaddb279c308e0
-
SSDEEP
24576:eYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9yyzoqfa1t:eYREXSVMKi3YqfU
Malware Config
Targets
-
-
Target
93aab9b8915062b7485e525f3a1dde095cb9ecde795bbb5cadeacc0678305518
-
Size
1.3MB
-
MD5
55e982207fbdaf7adc0abd88ae6374a3
-
SHA1
c2a19282affac38663120b0737361943792cf0b8
-
SHA256
93aab9b8915062b7485e525f3a1dde095cb9ecde795bbb5cadeacc0678305518
-
SHA512
d24a869abb15653e26bc0ed76befd9b84b7700b0949ef2cf8997f661fc6e7f83c9ad468c70bc5069bcecfb36a4ce5d9dfaab4b75ab1327e6ecbaddb279c308e0
-
SSDEEP
24576:eYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9yyzoqfa1t:eYREXSVMKi3YqfU
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-