Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT

Description

This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execute encrypted payloads, specifically a variant of the notorious Gh0st Remote Access Trojan (RAT). The report details the multi-stage infection process, including the use of deceptive Chrome installer lures, the dropper's evasive techniques, and the capabilities of the delivered Gh0st RAT variant. The malware exhibits advanced functionality, such as rootkit components, keylogging, process termination, and data exfiltration. The investigation concludes that the campaign primarily targets Chinese-speaking users, based on the use of Chinese web lures and the malware's ability to gather information from Chinese applications.