General

  • Target

    504f0b4f292b056cc80e1a79dacffb8ea58b00586c17d0618c3725d790a4f75eN

  • Size

    51KB

  • Sample

    241031-cmhhjaylbp

  • MD5

    bbf2396bd37c26f5da6ae8abbc9a66a0

  • SHA1

    947e474ce75974166d3031c3e2833aee22d01925

  • SHA256

    504f0b4f292b056cc80e1a79dacffb8ea58b00586c17d0618c3725d790a4f75e

  • SHA512

    e140b3abd1cf80dbbb23d8c7538c7843e3a74ca2d39b50ca64fd9ba879defa51e26ae8e63376d2aeb9fcdf3faab57ecedd4cb8e6c2bcbcf0e1930d0c660949a1

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLjJYH5:1dWubF3n9S91BF3fbofJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      504f0b4f292b056cc80e1a79dacffb8ea58b00586c17d0618c3725d790a4f75eN

    • Size

      51KB

    • MD5

      bbf2396bd37c26f5da6ae8abbc9a66a0

    • SHA1

      947e474ce75974166d3031c3e2833aee22d01925

    • SHA256

      504f0b4f292b056cc80e1a79dacffb8ea58b00586c17d0618c3725d790a4f75e

    • SHA512

      e140b3abd1cf80dbbb23d8c7538c7843e3a74ca2d39b50ca64fd9ba879defa51e26ae8e63376d2aeb9fcdf3faab57ecedd4cb8e6c2bcbcf0e1930d0c660949a1

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLjJYH5:1dWubF3n9S91BF3fbofJYH5

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

MITRE ATT&CK Enterprise v15

Tasks