Overview

overview

10

Static

static

10

a11c7d48cd...a3.exe

windows7-x64

10

a11c7d48cd...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    164s
  • max time network
    72s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 12:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a11c7d48cdf57ef77827568e81e20a1a9fb4a084baf7a2107856a5faee4b4ea3.exe

  • Size

    71KB

  • MD5

    ba5e6346f5210d0e86f1c46fb782e823

  • SHA1

    b67a98091f364b3d33ad9035bf0b4e7e33a5a94f

  • SHA256

    a11c7d48cdf57ef77827568e81e20a1a9fb4a084baf7a2107856a5faee4b4ea3

  • SHA512

    f7f0627584460136f68354ac9bd7d044f06d0c87257fd0375fc2ba1387038fbc42b6275d0e3f58f9014a90c9fba638115fcc53e07b830fff546c06635deba131

  • SSDEEP

    1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uiryI5e:+pZTvnyEZiGJ7/QguiryI5e

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 3 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a11c7d48cdf57ef77827568e81e20a1a9fb4a084baf7a2107856a5faee4b4ea3.exe
    "C:\Users\Admin\AppData\Local\Temp\a11c7d48cdf57ef77827568e81e20a1a9fb4a084baf7a2107856a5faee4b4ea3.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1948
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1620

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\942500.dll
          Filesize

          64KB

          MD5

          7764357846ffe0063122e49143bc32b9

          SHA1

          f455d2c45854082a6e1bcb56f475660c93029d26

          SHA256

          697ff4433e9db0f43ee477cac026a231677fa4762c7c1cfdb2fdc49821e36394

          SHA512

          945350dc7ad14609a86850a4bd0e280dba506fa32ea3c0b50d2227974146bba6efec7359b1718404e53140fb10f8585ecd8876c4cf958695e7d34c9adaa02b61

          Download Submit

        • \??\c:\NT_Path.jpg
          Filesize

          116B

          MD5

          ee1ae89cafd795326978fb87618614eb

          SHA1

          59d454fa0dc181bbd086c03b39d4843fc3a4049a

          SHA256

          7d51b305407c36294441e2151b04ecce74264055f10d4eebca230aa09c8efe40

          SHA512

          dfbf0a5d7019e3395a59db4a76645f0ee93f32aee805fe56f8cbb28b1e214b794ef569e443396bee0661846dac4e28113ee05112b4d302d0ea4f7a776caee24a

          Download Submit

        • \??\c:\program files (x86)\bqvo\mcyqyluef.bmp
          Filesize

          11.5MB

          MD5

          3853f52f1d9478e9256974a3f79ab2a3

          SHA1

          115cdbc81e157560df3ce15b8783f6f72ace40db

          SHA256

          a88ef237f683c08db5128b92c2334de4ad138dfc119b2c6e62a9a03e744ec675

          SHA512

          484137a7b8fd65d340fc2fe78b9fb7019a5da78b77137d43752ac57380be5bed9ad89dda4826efa223b57a0fffae767585e9a9a59e7a17af98988db6b64a7412

          Download Submit

        • \Program Files (x86)\Bqvo\Mcyqyluef.bmp
          Filesize

          11.5MB

          MD5

          3853f52f1d9478e9256974a3f79ab2a3

          SHA1

          115cdbc81e157560df3ce15b8783f6f72ace40db

          SHA256

          a88ef237f683c08db5128b92c2334de4ad138dfc119b2c6e62a9a03e744ec675

          SHA512

          484137a7b8fd65d340fc2fe78b9fb7019a5da78b77137d43752ac57380be5bed9ad89dda4826efa223b57a0fffae767585e9a9a59e7a17af98988db6b64a7412

          Download Submit

        • memory/1948-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

          Filesize

          8KB

          Download