Overview

overview

10

Static

static

589.exe

windows7_x64

10

589.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    589.exe

  • Size

    216KB

  • Sample

    220509-zm5pdsecd5

  • MD5

    a824640862ea34979abb4d80f2ee07b1

  • SHA1

    529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

  • SHA256

    ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

  • SHA512

    99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      589.exe

    • Size

      216KB

    • MD5

      a824640862ea34979abb4d80f2ee07b1

    • SHA1

      529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

    • SHA256

      ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

    • SHA512

      99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks