General
-
Target
f75bc447d88453a635e8f27b392f9834a10122a64e3952e83b1371ccab43e5ba
-
Size
137KB
-
Sample
250309-ad3q1avygv
-
MD5
3aac2d86eeb341c1dc05fbcd26e31556
-
SHA1
e67c94c7beeaf99f1aa409b201e980eda22db891
-
SHA256
f75bc447d88453a635e8f27b392f9834a10122a64e3952e83b1371ccab43e5ba
-
SHA512
5edf980a2ec1d8b649c5bbbb7716df964fb4da89c97de0e7f8300b5e6ee40da873d06a0a738bc84f2d84767c7331e8f0ee3aa1a9882844002154f764534bf4b6
-
SSDEEP
3072:AR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUun:F25GgFny61mraB
Malware Config
Targets
-
-
Target
f75bc447d88453a635e8f27b392f9834a10122a64e3952e83b1371ccab43e5ba
-
Size
137KB
-
MD5
3aac2d86eeb341c1dc05fbcd26e31556
-
SHA1
e67c94c7beeaf99f1aa409b201e980eda22db891
-
SHA256
f75bc447d88453a635e8f27b392f9834a10122a64e3952e83b1371ccab43e5ba
-
SHA512
5edf980a2ec1d8b649c5bbbb7716df964fb4da89c97de0e7f8300b5e6ee40da873d06a0a738bc84f2d84767c7331e8f0ee3aa1a9882844002154f764534bf4b6
-
SSDEEP
3072:AR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUun:F25GgFny61mraB
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
Blocklisted process makes network request
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Port Monitors
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Port Monitors
1Registry Run Keys / Startup Folder
1