General

  • Target

    8082f105f31688b513757fdbc708d95302292a1c2a31aee645905bffe4fc6dcc

  • Size

    702KB

  • Sample

    240618-3affhsyfjd

  • MD5

    87756224b57553693d378c56330922fb

  • SHA1

    1e41bae5075ce9cbddfae913673805825558fa5d

  • SHA256

    8082f105f31688b513757fdbc708d95302292a1c2a31aee645905bffe4fc6dcc

  • SHA512

    987cf398704651ea51658a0e1d9e99a71f5c4795a81e4dd2283b420b9dae1e895dc940cddfdf1999b2d06d1db9311e0c89d9426be76ff40a31c86e3835a6a2ff

  • SSDEEP

    12288:OaqkdCbSFSlPgKDUc6GikOPLGsAInMXfJd5O6wq+tzTWZQKqouY:OXkdCOFtKDwzP6sAdJLr+BqZQKaY

Malware Config

Targets

    • Target

      8082f105f31688b513757fdbc708d95302292a1c2a31aee645905bffe4fc6dcc

    • Size

      702KB

    • MD5

      87756224b57553693d378c56330922fb

    • SHA1

      1e41bae5075ce9cbddfae913673805825558fa5d

    • SHA256

      8082f105f31688b513757fdbc708d95302292a1c2a31aee645905bffe4fc6dcc

    • SHA512

      987cf398704651ea51658a0e1d9e99a71f5c4795a81e4dd2283b420b9dae1e895dc940cddfdf1999b2d06d1db9311e0c89d9426be76ff40a31c86e3835a6a2ff

    • SSDEEP

      12288:OaqkdCbSFSlPgKDUc6GikOPLGsAInMXfJd5O6wq+tzTWZQKqouY:OXkdCOFtKDwzP6sAdJLr+BqZQKaY

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • UPX dump on OEP (original entry point)

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks