General

  • Target

    c189f2fae32570e2856d2398fa88acad6894751c3611f37807f550b4fc61b1ef

  • Size

    154KB

  • Sample

    240604-mjjljadc7s

  • MD5

    6b68ab996cd11f693dcb3f416dea3d48

  • SHA1

    b3edd058a611c5021367ad257b12d86b041055cd

  • SHA256

    c189f2fae32570e2856d2398fa88acad6894751c3611f37807f550b4fc61b1ef

  • SHA512

    4429847c6d8c73179846fac32ee7168e204b51af5c01b9865c0cdeef6ead2dc0602b49f0885b09c3998f914af135475d6c50a81e3a247790e3579053aadea0ee

  • SSDEEP

    3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY

Score
10/10

Malware Config

Targets

    • Target

      c189f2fae32570e2856d2398fa88acad6894751c3611f37807f550b4fc61b1ef

    • Size

      154KB

    • MD5

      6b68ab996cd11f693dcb3f416dea3d48

    • SHA1

      b3edd058a611c5021367ad257b12d86b041055cd

    • SHA256

      c189f2fae32570e2856d2398fa88acad6894751c3611f37807f550b4fc61b1ef

    • SHA512

      4429847c6d8c73179846fac32ee7168e204b51af5c01b9865c0cdeef6ead2dc0602b49f0885b09c3998f914af135475d6c50a81e3a247790e3579053aadea0ee

    • SSDEEP

      3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks