General

  • Target

    be7fac00017965592b4983826dcb05f778acdfb7bac32e68b2388966fde44471

  • Size

    51KB

  • Sample

    241230-ymgrwsymex

  • MD5

    966a81143f0648cf6953631362715524

  • SHA1

    70613186def35b1cc1d179ed5bc57f0e89d615c3

  • SHA256

    be7fac00017965592b4983826dcb05f778acdfb7bac32e68b2388966fde44471

  • SHA512

    155b8aa323bfcbaeed27e742d38c826aa6c85a339353d87bc10247523e07dc88e15964a8804de7a4cd233c8bd8397b8c482cc4bf33f11d8aa0b7847a9c21b257

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLPJYH5:1dWubF3n9S91BF3fbojJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      be7fac00017965592b4983826dcb05f778acdfb7bac32e68b2388966fde44471

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

MITRE ATT&CK Enterprise v15

Tasks