General
-
Target
0abe743d80059541945a8eb417a662beeaa67b44d71770b9f7abfb472e3718e5
-
Size
134KB
-
Sample
240604-w52hxagb74
-
MD5
a738a013faec479b28aed22efdc81458
-
SHA1
b6804ec498ab2239d6ca0119648bc1e76ec5eef2
-
SHA256
0abe743d80059541945a8eb417a662beeaa67b44d71770b9f7abfb472e3718e5
-
SHA512
3da878f69593119bd03801527f9cf67c964446f25fbacc1e5b53df5f62090d30d40e9e7a0ea83111f4c5134c1df01388d6baf4602a0b76882cbac43da0e2204c
-
SSDEEP
3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY
Malware Config
Targets
-
-
Target
0abe743d80059541945a8eb417a662beeaa67b44d71770b9f7abfb472e3718e5
-
Size
134KB
-
MD5
a738a013faec479b28aed22efdc81458
-
SHA1
b6804ec498ab2239d6ca0119648bc1e76ec5eef2
-
SHA256
0abe743d80059541945a8eb417a662beeaa67b44d71770b9f7abfb472e3718e5
-
SHA512
3da878f69593119bd03801527f9cf67c964446f25fbacc1e5b53df5f62090d30d40e9e7a0ea83111f4c5134c1df01388d6baf4602a0b76882cbac43da0e2204c
-
SSDEEP
3072:dhPm77B1ZDwB76mVlZ9FArVf0SA3MG5vY:vWd1ZDg7HXArVf65vY
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-