General

  • Target

    1f2636e6a27ca8a7d436468f899c99b654fab8db2b4177fb011995620ccc9132

  • Size

    95KB

  • Sample

    221002-rdccgshhc4

  • MD5

    75f0418752693a03df577816983334c0

  • SHA1

    cf2a1337af1f0aa0dad6d3cdbe41c7169461fa10

  • SHA256

    1f2636e6a27ca8a7d436468f899c99b654fab8db2b4177fb011995620ccc9132

  • SHA512

    dc744e45ea2b32b29f43f860331a43837af31fd7dc86af5f10838983069953aed8d6bfd625787cf0f38c53849f0d343abf1dd3dc4f79378bfc002ff05374336a

  • SSDEEP

    1536:U0FusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prIVVuX08xCpyaB:UGS4jHS8q/3nTzePCwNUh4E9It8xMyS

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
