General
-
Target
54969a0bda4659787e0f8b425e6ef69f60b2439023150c7428f34dc561590955
-
Size
136KB
-
Sample
240526-fa67xafc61
-
MD5
d3e8a42516bdceda359a593ade592b8a
-
SHA1
7dcb9d88b4697d4e8d9d8259f531af75fa738b42
-
SHA256
54969a0bda4659787e0f8b425e6ef69f60b2439023150c7428f34dc561590955
-
SHA512
331075bc3fa99e522acb49bbe4534b18ae4bd285876a6caabae0e6c109db7e180df42577faa58cdbc9ebe3f2e434bfae6f9a6bfc073bfc18f68296bdd2727040
-
SSDEEP
3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY
Malware Config
Targets
-
-
Target
54969a0bda4659787e0f8b425e6ef69f60b2439023150c7428f34dc561590955
-
Size
136KB
-
MD5
d3e8a42516bdceda359a593ade592b8a
-
SHA1
7dcb9d88b4697d4e8d9d8259f531af75fa738b42
-
SHA256
54969a0bda4659787e0f8b425e6ef69f60b2439023150c7428f34dc561590955
-
SHA512
331075bc3fa99e522acb49bbe4534b18ae4bd285876a6caabae0e6c109db7e180df42577faa58cdbc9ebe3f2e434bfae6f9a6bfc073bfc18f68296bdd2727040
-
SSDEEP
3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-