General

  • Target

    612baf1f943986435bbbe63cb25d0fabcd88491a56e23ded0e6de86b296fb3ad

  • Size

    532KB

  • Sample

    241029-zj9tyazbmf

  • MD5

    b824c75a1761c41eca0983f41bf8e65c

  • SHA1

    bb30b43e57f1fb60e3a1bd503882c7d9812947a7

  • SHA256

    612baf1f943986435bbbe63cb25d0fabcd88491a56e23ded0e6de86b296fb3ad

  • SHA512

    80851763ce634fbd3b7e3398e3eb51fbc5b0f452aca1199f82c42bb78ae67f2d7c3356ce6c773bb444f21c9a08b7c4e3d16d3d2b6b3538e6dc93ea6a32d93db8

  • SSDEEP

    12288:KRdy3HCdZyyXlG47Of9daZF+EnBEnAzr+zbSN2RJ:KRqCdZyyXlG4QKiIySN2R

Score
10/10

Malware Config

Targets

    • Target

      612baf1f943986435bbbe63cb25d0fabcd88491a56e23ded0e6de86b296fb3ad

    • Size

      532KB

    • MD5

      b824c75a1761c41eca0983f41bf8e65c

    • SHA1

      bb30b43e57f1fb60e3a1bd503882c7d9812947a7

    • SHA256

      612baf1f943986435bbbe63cb25d0fabcd88491a56e23ded0e6de86b296fb3ad

    • SHA512

      80851763ce634fbd3b7e3398e3eb51fbc5b0f452aca1199f82c42bb78ae67f2d7c3356ce6c773bb444f21c9a08b7c4e3d16d3d2b6b3538e6dc93ea6a32d93db8

    • SSDEEP

      12288:KRdy3HCdZyyXlG47Of9daZF+EnBEnAzr+zbSN2RJ:KRqCdZyyXlG4QKiIySN2R

    Score
    10/10

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks