General

  • Size: 375KB
  • Sample: 220923-hag9wsddc4
  • MD5: 78c49abfd69723eced1ddd15f00eb718
  • SHA1: 991f106853722fa4e7d46e02cb61904004d5ff39
  • SHA256: 276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c
  • SHA512: 197e008e9d5fb10b67a42a52edd726cfe0c1e4385d82b6a12c3aa5c9d238017bec0d43a1ade4a8cc1594584e4a64715c08cadacc7f74dcaa82d58c3ed533e8f5

Score
10/10

Malware Config

Targets

    • Target: 276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c
    • Size: 375KB
    • MD5: 78c49abfd69723eced1ddd15f00eb718
    • SHA1: 991f106853722fa4e7d46e02cb61904004d5ff39
    • SHA256: 276d00d16fc468d0ed47c4bc51dd7184207b6f8f440255c8bc24b1a233ee9f8c
    • SHA512: 197e008e9d5fb10b67a42a52edd726cfe0c1e4385d82b6a12c3aa5c9d238017bec0d43a1ade4a8cc1594584e4a64715c08cadacc7f74dcaa82d58c3ed533e8f5

    Score
    10/10
    • Gh0st RAT payload
    • Gh0strat
      Gh0st RAT is a remote access trojan whose source code is publicly available; it has been used by multiple Chinese threat groups.
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with the open-source UPX packer or a modified build of it (renamed sections, patched header tag).
    • Drops file in System32 directory
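The three signatures above are heuristics, and it helps to see what they actually key on. The script below is an added example, not the sandbox's own signature code: it re-implements the "UPX packed file" check (stock UPX section names `UPX0`/`UPX1` and the `UPX!` header tag, with a section-entropy fallback for modified UPX builds, where 7.0 bits/byte is an assumed threshold) and replays a constructed sandbox event stream to fire "Drops file in System32 directory" and "Executes dropped EXE". The PE stubs, the `helper.exe` path and the event records are constructed for the demo and do not come from the report.

```python
# Added example, not the sandbox's own signature code: re-implementations of the
# "UPX packed file", "Drops file in System32 directory" and "Executes dropped EXE"
# heuristics. The PE stubs and the event stream are constructed for this demo.
import hashlib
import math
import re
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, near 0 for padding."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(pe: bytes) -> list[tuple[str, bytes]]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    coff = e_lfanew + 4
    if pe[e_lfanew:coff] != b"PE\0\0" or coff + 20 > len(pe):
        return []
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table, out = coff + 20 + opt_size, []
    for i in range(num_sections):
        hdr = table + 40 * i                                # IMAGE_SECTION_HEADER is 40 bytes
        if hdr + 40 > len(pe):
            break
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        out.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return out

def classify_packing(pe: bytes) -> str:
    """'upx' on stock UPX traces; 'packed-unknown' when only section entropy gives it away."""
    sections = pe_sections(pe)
    upx_names = any(name.upper().startswith("UPX") for name, _ in sections)  # UPX0/UPX1/UPX2
    upx_magic = b"UPX!" in pe                                                # stock UPX header tag
    # 7.0 bits/byte is an assumed threshold; any section of >=256 bytes above it counts as packed.
    high_entropy = any(shannon_entropy(d) > 7.0 for _, d in sections if len(d) >= 256)
    if upx_names or upx_magic:
        return "upx"
    if high_entropy:          # modified UPX: sections renamed and the tag patched out
        return "packed-unknown"
    return "unpacked"

def build_stub_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed, non-loadable PE with just enough header for pe_sections()."""
    n = len(sections)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x102)   # no optional header
    table, blobs, offset = b"", b"", 0x40 + 4 + 20 + 40 * n
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0x1000, len(data), offset, 0, 0, 0, 0, 0x60000020)
        blobs += data
        offset += len(data)
    return dos + b"PE\0\0" + coff + table + blobs

def _noise(n: int, seed: bytes = b"seed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

STOCK_UPX = build_stub_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + _noise(4096))])
MODIFIED_UPX = build_stub_pe([(b".text", b""), (b".data", _noise(4096, b"other"))])
PLAIN = build_stub_pe([(b".text", b"\x90" * 2048 + b"\xc3")])

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Constructed sandbox event stream (not from the report); pid 1000 is the submitted sample.
SAMPLE_EVENTS = [
    {"t": 1, "pid": 1000, "op": "process_create", "path": r"C:\Users\user\Desktop\sample.exe"},
    {"t": 2, "pid": 1000, "op": "file_write", "path": r"C:\Windows\System32\helper.exe"},
    {"t": 3, "pid": 1000, "op": "process_create", "path": r"C:\Windows\System32\helper.exe"},
    {"t": 4, "pid": 2000, "op": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\x.log"},
]

def behaviour_signatures(events: list[dict]) -> list[str]:
    """Replay events in order; an execution only counts if the image was written earlier."""
    hits, dropped = set(), set()
    for ev in sorted(events, key=lambda e: e["t"]):
        path = ev["path"].lower()
        if ev["op"] == "file_write":
            dropped.add(path)
            if SYSTEM32.match(path):
                hits.add("Drops file in System32 directory")
        elif ev["op"] == "process_create" and path in dropped and path.endswith(".exe"):
            hits.add("Executes dropped EXE")
    return sorted(hits)

if __name__ == "__main__":
    for label, blob in (("stock", STOCK_UPX), ("modified", MODIFIED_UPX), ("plain", PLAIN)):
        print(label, classify_packing(blob))
    print(behaviour_signatures(SAMPLE_EVENTS))
```

The entropy fallback is what makes the "modified UPX" half of the signature work, and it is also where false positives come from: any compressed or encrypted section scores high, so treat `packed-unknown` as a prompt to unpack and look, not as a UPX verdict. The behaviour check orders events by timestamp on purpose; an execution of a path that is only written later is not a dropped-EXE execution.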

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique IDs are mapped under any column in this extract.