General

  • Target: 0dfeb937549049f96683616b4cd5f538931e8fbb8b731bb1c81098013aac34f5
  • Size: 392KB
  • Sample: 250703-gkagcsvmz6
  • MD5: 687a90f8029570072338da28ee76c060
  • SHA1: 3fcc10da9a83114be900496b7a216ef9c4ca6c1b
  • SHA256: 0dfeb937549049f96683616b4cd5f538931e8fbb8b731bb1c81098013aac34f5
  • SHA512: 2a030ad5edfb2f205395ff0ec3c125add682dad3de7b0944f6e4e47bdef02085db895c3c56747a1dcf68762d3ca6fe88bd5eb4a60edf5f1a7f8793f9daafa99e
  • SSDEEP: 3072:xtK/yLrQbWaR5Qax8c/Yt5D1ZULg4NShiREHYzj8FUy:xkyLEbWaR5Cc0gUXBHY8Fr

Malware Config

Extracted

  • Family: gh0strat
  • C2: 222.186.134.85

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks