General

  • Target

    707b6f576878ac89c98091274fc1162b6b591f5c7561ce77334a5fcffda4f9de

  • Size

    1.2MB

  • Sample

    250127-3t948szlfv

  • MD5

    0d246c1971c22b83fc01d6335401672d

  • SHA1

    11e8272622708a04f3fb789e6e58900acb7f0ec0

  • SHA256

    707b6f576878ac89c98091274fc1162b6b591f5c7561ce77334a5fcffda4f9de

  • SHA512

    6c6880b9f6ffa9c8ab898e9da827dd6945a000b070a10ec116838dce617813365279d4189df7426fd2b34bb08f2d3daf98a6bdbc2a90020cfa29228d47f6f538

  • SSDEEP

    24576:nYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9xyzS2jsSZ:nYREXSVMKi3MsSZ

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
