General

  • Target

    6aaf78499150daca0cffe6c6419c4199bae084b6008e0cdb20a1daadb68afda8

  • Size

    141KB

  • Sample

    221003-rrfxtsbabm

  • MD5

    6d8d48afc3782a3007d0b40c0f2b9252

  • SHA1

    d33e622dd1e846c9fb4fa866ad126d6daa021fc4

  • SHA256

    6aaf78499150daca0cffe6c6419c4199bae084b6008e0cdb20a1daadb68afda8

  • SHA512

    76bc851202d0fb7b5640ae7a3598b478dbe907bcc77607e626caa3e8a1460563dd3db5a3e41d01c31c2f70beba610a715d8b03161464eb325a5f5087c2a95955

  • SSDEEP

    3072:PmkFSPOOECpVKTbp3WpnAzDhZFYYJOGS5XzZQ82pCi0z:9zTb+AvNYIq5DZQhoZ

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL
