gh0strat | 20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75 | Triage

Submit
Reports

Overview

overview

Static

static

20105bd311...75.exe

windows7_x64

20105bd311...75.exe

windows10-2004_x64

Sharing

General

Target

20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
Size

260KB
Sample

220612-q3nalsdhcn
MD5

27fe3482f2f12435310a3c84544f4f0b
SHA1

dcef2cd3c551bf22b748556d7cdcd439a6cc5274
SHA256

20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
SHA512

2324d9e10f410c3573d99dcdf3daf0960965e0e09a5134d21ad25e9cf6d0f91919e38cf37513b27baa25c3ade79825096dd88c50dfa5ddb82ff8ed36c32b2c48

Score

10^/10

gh0strat ramnit banker evasion rat spyware stealer suricata trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75.exe

Resource

win7-20220414-en

gh0strat ramnit banker rat spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75.exe

Resource

win10v2004-20220414-en

gh0strat ramnit banker evasion rat spyware stealer suricata trojan upx worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
- Size
  
  260KB
- MD5
  
  27fe3482f2f12435310a3c84544f4f0b
- SHA1
  
  dcef2cd3c551bf22b748556d7cdcd439a6cc5274
- SHA256
  
  20105bd3112e1467d5081400343a6c4baa915c12012db77fadddd5a84e7a0b75
- SHA512
  
  2324d9e10f410c3573d99dcdf3daf0960965e0e09a5134d21ad25e9cf6d0f91919e38cf37513b27baa25c3ade79825096dd88c50dfa5ddb82ff8ed36c32b2c48
Score

10^/10

gh0strat ramnit banker rat spyware stealer trojan upx worm evasion suricata
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratramnitbankerratspywarestealertrojanupxworm

behavioral2

gh0stratramnitbankerevasionratspywarestealersuricatatrojanupxworm

© 2018-2024

Terms | Privacy