General
Target: e17549fd46db65983fda4e38de41278227dde208635157999b5a53d6f696ebee.exe
Size: 137KB
Sample: 250127-lpp5tstmhl
MD5: 0b2044e1b30d1f373e5d0844d017c4ca
SHA1: 6287650987d1283f98e825b2a3f39af84540c9ef
SHA256: e17549fd46db65983fda4e38de41278227dde208635157999b5a53d6f696ebee
SHA512: e4c76e7cf99d36625504d3a58cfdfb42fbcb83e9a1d863bce1dbb33d2c00ec390eac29cd929e49a5e0625e4cc1bffa6d22bcb2f2f5a62044bb3ac2d25e99fe33
SSDEEP: 3072:iR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUug:n25GgFny61mrai
Static task: static1
Behavioral task: behavioral1
Sample: e17549fd46db65983fda4e38de41278227dde208635157999b5a53d6f696ebee.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e17549fd46db65983fda4e38de41278227dde208635157999b5a53d6f696ebee.dll
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e17549fd46db65983fda4e38de41278227dde208635157999b5a53d6f696ebee.exe
Score: 10/10

Gh0st RAT payload

Gh0strat family

Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

Sets service image path in registry

ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.

Drops file in System32 directory