Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    66KB

  • Sample

    220923-hl554adde9

  • MD5

    ff8f30cf7243c8a864b5dca79d9cbe22

  • SHA1

    e558aba2b1e09de0e6ba8843f1dacbecc82caf69

  • SHA256

    f0b0507a7776f22dea7cb17f5114113614af2abe5f47bcf504952d969ad9f102

  • SHA512

    ce69cc296337abafb13c93fe07c6d29082b17b42d88165d7d3549c11954a216b21a3a9bd19fa2473d69b5b19e04347c295e8c7329b2fd255b754b421995f98dc

  • SSDEEP

    1536:LiRikCRxHp0QETd5gbfRJ1wxuMVngGF6BhWYP4IWY/2:e4xHcTdaJWwMkBV4A2

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      tmp

    • Size

      66KB

    • MD5

      ff8f30cf7243c8a864b5dca79d9cbe22

    • SHA1

      e558aba2b1e09de0e6ba8843f1dacbecc82caf69

    • SHA256

      f0b0507a7776f22dea7cb17f5114113614af2abe5f47bcf504952d969ad9f102

    • SHA512

      ce69cc296337abafb13c93fe07c6d29082b17b42d88165d7d3549c11954a216b21a3a9bd19fa2473d69b5b19e04347c295e8c7329b2fd255b754b421995f98dc

    • SSDEEP

      1536:LiRikCRxHp0QETd5gbfRJ1wxuMVngGF6BhWYP4IWY/2:e4xHcTdaJWwMkBV4A2

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks