General
-
Target
5f6277fdef615d022d71c9352c47d2f1223447985a06233b66d7cceffef64746
-
Size
137KB
-
Sample
250307-l9377ayr15
-
MD5
8590d25df465b8967cb595dd0c650cbe
-
SHA1
bf28d91206c9e1a594e2320b0ef3fd2271095c32
-
SHA256
5f6277fdef615d022d71c9352c47d2f1223447985a06233b66d7cceffef64746
-
SHA512
de4b26b0daed82a80bf38c5e25ec9aa060d596413c0ffc7b3b4bbc89cdffd8858716d7ea54caa34c1473a6281c1e497199fbf85482026309decda6b0818307a1
-
SSDEEP
3072:PR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuc:y25GgFny61mra6
Malware Config
Targets
-
-
Target
5f6277fdef615d022d71c9352c47d2f1223447985a06233b66d7cceffef64746
-
Size
137KB
-
MD5
8590d25df465b8967cb595dd0c650cbe
-
SHA1
bf28d91206c9e1a594e2320b0ef3fd2271095c32
-
SHA256
5f6277fdef615d022d71c9352c47d2f1223447985a06233b66d7cceffef64746
-
SHA512
de4b26b0daed82a80bf38c5e25ec9aa060d596413c0ffc7b3b4bbc89cdffd8858716d7ea54caa34c1473a6281c1e497199fbf85482026309decda6b0818307a1
-
SSDEEP
3072:PR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuc:y25GgFny61mra6
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops file in System32 directory
-