General

  • Target

    587bc07d6cafd6347f6b1b2af06d66298ca0c8a8f3d24ac5f7cdcecdaebc38ef

  • Size

    49KB

  • Sample

    241118-xryersshme

  • MD5

    97d6c8f756b1243ffe91e10313adfe1d

  • SHA1

    54a498a8044ca7f00d9b5a8ae0ed81d92470f53e

  • SHA256

    587bc07d6cafd6347f6b1b2af06d66298ca0c8a8f3d24ac5f7cdcecdaebc38ef

  • SHA512

    87bef0f02a84ca2cb937f074f6f5a918eeebdd8188e00e7eea7864cf573f650a174869a4221de0e169974cbfcc901356b55a07a5e34cb7223fbf3a5ed1f3ea78

  • SSDEEP

    1536:CDwMsml26T5zBj+alf1H9jfbyqkY4ZvoDUb/gJOnJYHB9ElHS:Cn7zBjPp1H9ovoDa/gJYJYHBWZS

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

cf1549064127.f3322.net

Targets

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family
