General

  • Target

    2072aa9a71df0b96c0aa24abf5dcd4f4a4d24fa96fc68b1a6ed98fe3b587e0f5

  • Size

    51KB

  • Sample

    241111-t3p1zs1hrd

  • MD5

    a45e941674fac2f2861c9eff627e1402

  • SHA1

    798016af008d9dafc25bf13c1506398554a32086

  • SHA256

    2072aa9a71df0b96c0aa24abf5dcd4f4a4d24fa96fc68b1a6ed98fe3b587e0f5

  • SHA512

    e4858a9aecbad96744b4c245c87aeaba4ffafb6f1734e615382ae7e83f9606a31aeafe2aaaf5eb32dacae2e7af5340626c5059aa378be21dd88f12dd9c889e29

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLlJYH5:1dWubF3n9S91BF3fbohJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      2072aa9a71df0b96c0aa24abf5dcd4f4a4d24fa96fc68b1a6ed98fe3b587e0f5

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family
