General

  • Target

    efb40bfdc5443004bbdfc73d3db82a63a65cadc9a7a53b1e710264513751d8cb

  • Size

    51KB

  • Sample

    241230-qzda8sypew

  • MD5

    2e7c235d6e52147bd848067d14a93716

  • SHA1

    0db89f8678c14fb4565fd8db720614ce6a56289d

  • SHA256

    efb40bfdc5443004bbdfc73d3db82a63a65cadc9a7a53b1e710264513751d8cb

  • SHA512

    ed64f8cd7ba5bcedfcd2aca135d8c1950de7371ac583065b252a9714e0eb32673bc4aff60c38c14f69aed7f4b2280f6a718f7364f8ea5bde3a32d6b3b62b3b20

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLUJYH5:1dWubF3n9S91BF3fboQJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      efb40bfdc5443004bbdfc73d3db82a63a65cadc9a7a53b1e710264513751d8cb

    • Size

      51KB

    • MD5

      2e7c235d6e52147bd848067d14a93716

    • SHA1

      0db89f8678c14fb4565fd8db720614ce6a56289d

    • SHA256

      efb40bfdc5443004bbdfc73d3db82a63a65cadc9a7a53b1e710264513751d8cb

    • SHA512

      ed64f8cd7ba5bcedfcd2aca135d8c1950de7371ac583065b252a9714e0eb32673bc4aff60c38c14f69aed7f4b2280f6a718f7364f8ea5bde3a32d6b3b62b3b20

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLUJYH5:1dWubF3n9S91BF3fboQJYH5

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

MITRE ATT&CK Enterprise v15

Tasks