General

  • Target

    SignalSetup.msi

  • Size

    150.8MB

  • Sample

    240712-nc2dfa1cqj

  • MD5

    75b8008f805e2464792de8e9ad824207

  • SHA1

    3426ce901e21b195e4609153c509b595b71edeb2

  • SHA256

    852b7be78f53bb6052f4b1cb2908c62caaa09524b442356430c0166f4bbe47d5

  • SHA512

    96a5374bef016c3ddcc6cf4223d358fcd2fe777254dc381b623f6253e450d7fef2426db57141f208bfd01909ba152251da89137cccd54c4136ea24b4ae8b8c7f

  • SSDEEP

    3145728:NMrQiDKQ5KqsKcnBzeAjmtYeV0QCSEiEze7ZXzLkYMPlSNRRDu:IjKQ5sK6BzTiYe2QvE9yDoE/RD

Targets

    • Target

      SignalSetup.msi

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
