General
-
Target
0ac231eea0af76b43bb40bda076c4413.bin
-
Size
3.9MB
-
Sample
240626-bva8raweja
-
MD5
0ac231eea0af76b43bb40bda076c4413
-
SHA1
b6f7ccb33174d20aca8b48991d384729460d3180
-
SHA256
c17a7b182420e173e0854526cdc357bcd6c8e0b8e89d1b84aeda3abf3f49ed0b
-
SHA512
4fbe87f94862582b34a29f837d7b61646d45db803c9f24d6963e25057276fcf48783f28feb045a310d4f23f08d6ecf2ead33bd7df9ad2f42eb62407f6f5c2d1d
-
SSDEEP
49152:ZuLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v:QhvNhvNhvNhvNhvNhv
Malware Config
Targets
-
-
Target
0ac231eea0af76b43bb40bda076c4413.bin
-
Size
3.9MB
-
MD5
0ac231eea0af76b43bb40bda076c4413
-
SHA1
b6f7ccb33174d20aca8b48991d384729460d3180
-
SHA256
c17a7b182420e173e0854526cdc357bcd6c8e0b8e89d1b84aeda3abf3f49ed0b
-
SHA512
4fbe87f94862582b34a29f837d7b61646d45db803c9f24d6963e25057276fcf48783f28feb045a310d4f23f08d6ecf2ead33bd7df9ad2f42eb62407f6f5c2d1d
-
SSDEEP
49152:ZuLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v4uLzMD89v:QhvNhvNhvNhvNhvNhv
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-