General
-
Target
16b41534d5998077df912b572a7c90d3423ab8b67898a74c23fc081771d9dee6
-
Size
1.3MB
-
Sample
240525-ycff3sgb65
-
MD5
3283361f9f3398961778f3a9df74f51c
-
SHA1
e57cbd9615c296b8bc1a824011317b3fad7fa6d3
-
SHA256
16b41534d5998077df912b572a7c90d3423ab8b67898a74c23fc081771d9dee6
-
SHA512
738b04047e72e3d589e20b1eb65d70140e93810120c88a8a3619b389fd9a8918781cbaa7c78d3cfb9871f8705af6b61f08d75d6945ab099e7f1a566ca7776a19
-
SSDEEP
24576:4YFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyzUjcDER:4YREXSVMDi3neER
Malware Config
Targets
-
-
Target
16b41534d5998077df912b572a7c90d3423ab8b67898a74c23fc081771d9dee6
-
Size
1.3MB
-
MD5
3283361f9f3398961778f3a9df74f51c
-
SHA1
e57cbd9615c296b8bc1a824011317b3fad7fa6d3
-
SHA256
16b41534d5998077df912b572a7c90d3423ab8b67898a74c23fc081771d9dee6
-
SHA512
738b04047e72e3d589e20b1eb65d70140e93810120c88a8a3619b389fd9a8918781cbaa7c78d3cfb9871f8705af6b61f08d75d6945ab099e7f1a566ca7776a19
-
SSDEEP
24576:4YFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyzUjcDER:4YREXSVMDi3neER
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-