General
-
Target
53d0da8f7f0f298ea57ebd321464068e88278736e29fcdde3372060d8fac2746
-
Size
137KB
-
Sample
250307-krxr1sxtg1
-
MD5
9f38e75a40a24518ffba86aedb543fde
-
SHA1
8400349d529280a634318599e4f3c6aad2435909
-
SHA256
53d0da8f7f0f298ea57ebd321464068e88278736e29fcdde3372060d8fac2746
-
SHA512
6d14bd3713ba0da150148efc8bb3c79504851f88ce0e2c1bf128a99f6052d1c02d19ffd081bcb30d0ab028899cebcdf8bd83e817a4da426826d8ac23f24b0b89
-
SSDEEP
3072:jR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuD:u25GgFny61mrah
Malware Config
Targets
-
-
Target
53d0da8f7f0f298ea57ebd321464068e88278736e29fcdde3372060d8fac2746
-
Size
137KB
-
MD5
9f38e75a40a24518ffba86aedb543fde
-
SHA1
8400349d529280a634318599e4f3c6aad2435909
-
SHA256
53d0da8f7f0f298ea57ebd321464068e88278736e29fcdde3372060d8fac2746
-
SHA512
6d14bd3713ba0da150148efc8bb3c79504851f88ce0e2c1bf128a99f6052d1c02d19ffd081bcb30d0ab028899cebcdf8bd83e817a4da426826d8ac23f24b0b89
-
SSDEEP
3072:jR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuD:u25GgFny61mrah
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Port Monitors
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Port Monitors
1Registry Run Keys / Startup Folder
1