General

  • Target

    593d9a97ac754168b88f27352eaaae8985c2a84d4031207d12d450b223d2fe41

  • Size

    480KB

  • Sample

    221002-qqbfaaaccp

  • MD5

    6f50e2b491285314dffbdf495c20b1e0

  • SHA1

    12f3bc625b8cde134da267ddbaa70df9ad49848b

  • SHA256

    593d9a97ac754168b88f27352eaaae8985c2a84d4031207d12d450b223d2fe41

  • SHA512

    ddd629e0c8136b3de43ed7a000caa268e3f65c6e6fe01eb3987cf848ea1841136fec129e49762ea2b6a48ffa87ee44a24d34c639fb8e4f75b47838cd4093edb0

  • SSDEEP

    12288:R1DYr96WUZOMwO5eTV38FRCXUq89H8I/mVOQiXpuUUM:RdY5TMwseTvXUq89cYmQz5uUUM

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • joker

      Joker is an Android malware family that carries out billing and SMS fraud.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks