General

  • Target

    0e6e7877ac6881ef10ef7e7fde7a1b974e12effc18897b10a04178a0f611b670

  • Size

    196KB

  • Sample

    221003-3ak11abgh6

  • MD5

    64e7ad992640545d0a4b725e697805cf

  • SHA1

    9ab968697ea212c007e7f3c9d0f021e08c5cae06

  • SHA256

    0e6e7877ac6881ef10ef7e7fde7a1b974e12effc18897b10a04178a0f611b670

  • SHA512

    8942d209db5c7ad587ca20b27e3bb8216eae4676c2c17f77781ce9bf07707014e4e35cc48e62119f6ef8b1b78872ab6e831d649bd7f60c8db8d7539f2929fa04

  • SSDEEP

    3072:eHun0evOvtYzonqSioDXxbuE9w2qbXUeZPtrQ/a/4qByMlZV:KI0evOvtoSiodbuYzqDvZC/a4qBfV

Score
10/10

Targets

    • Target

      0e6e7877ac6881ef10ef7e7fde7a1b974e12effc18897b10a04178a0f611b670

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL
