General

  • Target

    445994ec321f2a4e4f43700fee16ac6cb8e87344f9a50cdf53602686194d6ca4

  • Size

    1.2MB

  • Sample

    240619-f6t78ayhqp

  • MD5

    e7dce99dd405bef957f7b6ba4ca0399c

  • SHA1

    c819d2d77417e45b436f0444dacdfc948d7e1e46

  • SHA256

    445994ec321f2a4e4f43700fee16ac6cb8e87344f9a50cdf53602686194d6ca4

  • SHA512

    877dafa69541ee771c0affce1a8d881ffdb02945bf2fcd97b41c5e58c9c64eeea4587a80271366a707f89ad312807614f4971026848d7e2ee5cd3d24b674e3a7

  • SSDEEP

    24576:kYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9ayzZsI4Hv:kYREXSVMKi3u

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
