General

  • Target

    ec994ab8c824403106230cebaadd8161d38e23cb5773e5c9275aba25e923e03f

  • Size

    4.6MB

  • Sample

    240619-f6t78avcqf

  • MD5

    526c44bc7038bc34c5807ddbb19f64a4

  • SHA1

    ec1132faf8687465c6fe5348780da84535b0df0b

  • SHA256

    ec994ab8c824403106230cebaadd8161d38e23cb5773e5c9275aba25e923e03f

  • SHA512

    bf3e7fd95cef8689e2d3730f928d273794ffd9ec809949d7d8b74934831054bdc47017acba2253d81b8802c42ee8ce825323d771fad758f917141aad871720d9

  • SSDEEP

    49152:XYREXSVMKi31bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:I2SVMK81bXsPN5kiQaZ56

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
