General

  • Target

    450c867e7021617d47469fa513ceeacf.bin

  • Size

    172KB

  • Sample

    241230-bpxvkatjfj

  • MD5

    901e1cb732e260707f20b56ea1da3c4d

  • SHA1

    880e802d69c864ee4187ae5b72a2255affa5e4d8

  • SHA256

    27403fb1b8bc03de07911fe92a25cad6f25d42c80a101439a16b542cac1aa52d

  • SHA512

    3d39324b6dc0814eda9ea6ed1334f16700be294796f04e3968f2ba0dcdbf486baea5a37ebd5912a6b19a53ce6667399f3517365d0a2b4302182c85b7bbd63569

  • SSDEEP

    3072:0fc6kSyQohqW6Oa881j+ptcL7U1xe3Xv6Z3MJf:0fPyB0Em6mLQAnJf

Score
10/10

Targets

    • Target

      4304d5a2d926061f2e90e64f18a8506dfc6a3bde22ecffa19d0ef035b4ff5a6a.exe

    • Size

      444KB

    • MD5

      450c867e7021617d47469fa513ceeacf

    • SHA1

      f4be056965641edd13660a1ae67b05e43c410673

    • SHA256

      4304d5a2d926061f2e90e64f18a8506dfc6a3bde22ecffa19d0ef035b4ff5a6a

    • SHA512

      4d6cb1709ab2cebe3cb5e749a79e196434c6e54f7752f3cde4d2a8133c052c361bb280aea3d20d4185d2573006f69b38a645d9258d927021336dadb5d760d460

    • SSDEEP

      6144:sjD5NR3fb5DWnFyYLPnc2qrJ51ZkMaJhQCNBU886WtG6gb:85b3fKL02k5XsJht86We

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL
