General

  • Target

    ab2df32c021243cfa893610bf981a3254138e92ef7186205f84726c7a4490ba8

  • Size

    900KB

  • Sample

    240626-tzaf5avgrq

  • MD5

    d3db267fbd47348b716c5709f5b4c5f6

  • SHA1

    c77b329193083e08e91311a8781fa47fffe313af

  • SHA256

    ab2df32c021243cfa893610bf981a3254138e92ef7186205f84726c7a4490ba8

  • SHA512

    b88bfda4bc8861370bf4df371b955d3fdb7f83623db46d4754c993bfce33db3613799a055ba23127339f409e3ba6da29172e1fe5e5a34aae3076d79f30a155fe

  • SSDEEP

    12288:h384kCHa1LPx0v6IIpqci+phSH0p6Q45iLGsRz1VqSIef6MIfw:hMwa1LPvDi+phE07FMsIf

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

26.cmananan.com

Targets

    • Target

      ab2df32c021243cfa893610bf981a3254138e92ef7186205f84726c7a4490ba8

    • Size

      900KB

    • MD5

      d3db267fbd47348b716c5709f5b4c5f6

    • SHA1

      c77b329193083e08e91311a8781fa47fffe313af

    • SHA256

      ab2df32c021243cfa893610bf981a3254138e92ef7186205f84726c7a4490ba8

    • SHA512

      b88bfda4bc8861370bf4df371b955d3fdb7f83623db46d4754c993bfce33db3613799a055ba23127339f409e3ba6da29172e1fe5e5a34aae3076d79f30a155fe

    • SSDEEP

      12288:h384kCHa1LPx0v6IIpqci+phSH0p6Q45iLGsRz1VqSIef6MIfw:hMwa1LPvDi+phE07FMsIf

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks