Overview

overview

10

Static

static

ghost.exe

windows7_x64

10

ghost.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ghost.exe

  • Size

    78KB

  • Sample

    220704-fmwlyaggf5

  • MD5

    d7d0564f6660199dfa918a5cfbffe490

  • SHA1

    726988b123d3ede065c515707d4172408517510b

  • SHA256

    0f98cc9005f90608a75dbbc44900d421a0f36bfed48f491fce45902ba138e988

  • SHA512

    e755dec73cdc0bae337e677a4c8e129f57bfffec6bbe8f731e73e0d4c68bdb10eb1bdfbe9fdd8e0edfac594963a8bc8ece5e5da3d8482e33b79081995e6fd35e

Score
10/10
asyncratrat

Malware Config

Targets

    • Target

      ghost.exe

    • Size

      78KB

    • MD5

      d7d0564f6660199dfa918a5cfbffe490

    • SHA1

      726988b123d3ede065c515707d4172408517510b

    • SHA256

      0f98cc9005f90608a75dbbc44900d421a0f36bfed48f491fce45902ba138e988

    • SHA512

      e755dec73cdc0bae337e677a4c8e129f57bfffec6bbe8f731e73e0d4c68bdb10eb1bdfbe9fdd8e0edfac594963a8bc8ece5e5da3d8482e33b79081995e6fd35e

    Score
    10/10
    asyncratrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks