General

  • Target

    e2882ea65672d5cd3bf97496c1cf648316c9b73dc85b5db90a1ffeac52d42144

  • Size

    51KB

  • Sample

    240604-3gvh1sfb2x

  • MD5

    2f0e38c044f285c57295a5e3a2871dd1

  • SHA1

    e965d530e32ef8fb18adf2d9fbfb10c9df33737d

  • SHA256

    e2882ea65672d5cd3bf97496c1cf648316c9b73dc85b5db90a1ffeac52d42144

  • SHA512

    c416495caf2d633590313769cf80f2dc8e3b0189e1fc2e8221b78dd3b7db9177ebdd0c175fcd59b423c670a83d082771395312ceea0904b02aa53e26caa108a5

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLTJYH5:1dWubF3n9S91BF3fbovJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      e2882ea65672d5cd3bf97496c1cf648316c9b73dc85b5db90a1ffeac52d42144

    • Size

      51KB

    • MD5

      2f0e38c044f285c57295a5e3a2871dd1

    • SHA1

      e965d530e32ef8fb18adf2d9fbfb10c9df33737d

    • SHA256

      e2882ea65672d5cd3bf97496c1cf648316c9b73dc85b5db90a1ffeac52d42144

    • SHA512

      c416495caf2d633590313769cf80f2dc8e3b0189e1fc2e8221b78dd3b7db9177ebdd0c175fcd59b423c670a83d082771395312ceea0904b02aa53e26caa108a5

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLTJYH5:1dWubF3n9S91BF3fbovJYH5

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

MITRE ATT&CK Matrix

Tasks