General

  • Target

    8c5be896b660b59046f1e0990c72fd7abed0f51369a8510e805c1db8f6f582ffN.exe

  • Size

    348KB

  • Sample

    241230-tzq4wazkfk

  • MD5

    bdc1ddc53cbccb1282d8ea5a71e93d00

  • SHA1

    3c0c44b40da2bf72021db3e1bb72f3ab5e3508ba

  • SHA256

    8c5be896b660b59046f1e0990c72fd7abed0f51369a8510e805c1db8f6f582ff

  • SHA512

    3d10acc75e96b18d9b42575de73c19d221c5a2cf7ba58f69ccb4afbc4155ff493b8ed0adbad9c44e729fd2f6d7377aa7a305bc9bb9dccae0aad39df415393cb8

  • SSDEEP

    6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0S8:ouLwoZQGpnedeP/deUe1ppGjTGHZRT0g

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect software protector.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks