General

  • Target

    3ea69ee04d6c40aada835ec2960c38ca12d325121eb31f501fe052e9f57b2019

  • Size

    96KB

  • Sample

    221003-r6kjkabef3

  • MD5

    64551ab7540c3ddb7d32c1c4dcc3f2da

  • SHA1

    9b30425b709670303d0eaae9d4b468710e05855d

  • SHA256

    3ea69ee04d6c40aada835ec2960c38ca12d325121eb31f501fe052e9f57b2019

  • SHA512

    79228b62041c9ad3afb891b429fd162f51218a5a37e85ad4afa4892080954833afb9e5f0dcfc8a242208773b5b21f2f76c490c3a23048e160019d659311a5012

  • SSDEEP

    1536:h6FusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prM0vLIYvneeD:hgS4jHS8q/3nTzePCwNUh4E9MKLTvZD

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
