General
-
Target
48b2bfd8538de2136e7c93ad10a9532f0f81530f2230ba58aca8f714b721932a
-
Size
1.5MB
-
Sample
240525-yjgygsga6v
-
MD5
f0a033681b84753391f9bba21207b711
-
SHA1
12486c0480db64cc6eefd4bd278a4f57ae401721
-
SHA256
48b2bfd8538de2136e7c93ad10a9532f0f81530f2230ba58aca8f714b721932a
-
SHA512
056d666aa75313af3c5ed1f26423c4816ee5489a556e786eda29499021c712b961cc614d2e37e4af16f9e80fc6661bf6a0975c32061a0a5fb19c2db318e89de9
-
SSDEEP
24576:5YFbkIsaPiXSVnC7Yp9zkNmZG8RRln6yzX:5YREXSVMDi3x
Malware Config
Targets
-
-
Target
48b2bfd8538de2136e7c93ad10a9532f0f81530f2230ba58aca8f714b721932a
-
Size
1.5MB
-
MD5
f0a033681b84753391f9bba21207b711
-
SHA1
12486c0480db64cc6eefd4bd278a4f57ae401721
-
SHA256
48b2bfd8538de2136e7c93ad10a9532f0f81530f2230ba58aca8f714b721932a
-
SHA512
056d666aa75313af3c5ed1f26423c4816ee5489a556e786eda29499021c712b961cc614d2e37e4af16f9e80fc6661bf6a0975c32061a0a5fb19c2db318e89de9
-
SSDEEP
24576:5YFbkIsaPiXSVnC7Yp9zkNmZG8RRln6yzX:5YREXSVMDi3x
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-