Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT

This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execute encrypted payloads, specifically a variant of the notorious Gh0st Remote Access Trojan (RAT). The report details the multi-stage infection process, including the use of deceptive Chrome installer lures, the dropper's evasive techniques, and the capabilities of the delivered Gh0st RAT variant. The malware exhibits advanced functionality such as rootkit components, keylogging, process termination, and data exfiltration. The investigation concludes that the campaign primarily targets Chinese-speaking users, based on the use of Chinese web lures and the malware's ability to gather information from Chinese applications.