Overview

overview

10

Static

static

10

0ec02a267b...c4.exe

windows7-x64

10

0ec02a267b...c4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ec02a267bd92bab5041e851af7eb284b6b3e8ddfbc6d971f96195637ca215c4.exe

  • Size

    111KB

  • MD5

    8191ec99515c8b36c870b53402d0bc00

  • SHA1

    ce2097429ca76ae86e73b9097db5d24a0a9b0847

  • SHA256

    0ec02a267bd92bab5041e851af7eb284b6b3e8ddfbc6d971f96195637ca215c4

  • SHA512

    4c5fefcce0627d59c982f1f8c62acb7f486d88d1c36d24b76ddd57dcf0d778b0100289f2ab08af850909fb0033dcc4764c44a1bc125740d72a78f9b2eb6b52aa

  • SSDEEP

    3072:KQYPX1Sp7+tFDZzxqE/34pEX9ybZuwB+ky:SEoFDB3E8UZuwB+l

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 5 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ec02a267bd92bab5041e851af7eb284b6b3e8ddfbc6d971f96195637ca215c4.exe
    "C:\Users\Admin\AppData\Local\Temp\0ec02a267bd92bab5041e851af7eb284b6b3e8ddfbc6d971f96195637ca215c4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2248
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\2052000.dll
    Filesize

    105KB

    MD5

    95c8040b29a2630db081815183a57287

    SHA1

    bc7b99ca2c844d46875a52daeea11e60c2035de8

    SHA256

    d0233721b65927539fd143195389d2392c204311217ca9291c56ec4cf4e64a70

    SHA512

    1d688fb4f0554411960d467003fff8ad8681c7717412f8a8982eae4822c399228a856968841cb091cb98ee136cbb5db65fe3a1c66974695e6882bcdb199715a4

    Download Submit

  • C:\2052000.dll
    Filesize

    105KB

    MD5

    95c8040b29a2630db081815183a57287

    SHA1

    bc7b99ca2c844d46875a52daeea11e60c2035de8

    SHA256

    d0233721b65927539fd143195389d2392c204311217ca9291c56ec4cf4e64a70

    SHA512

    1d688fb4f0554411960d467003fff8ad8681c7717412f8a8982eae4822c399228a856968841cb091cb98ee136cbb5db65fe3a1c66974695e6882bcdb199715a4

    Download Submit

  • C:\ProgramData\FileName.jpg
    Filesize

    222KB

    MD5

    37d47f14edc44bf7b5370c37f6ba4fed

    SHA1

    619c256f8b5b20dfc5c13b682b33848dff265626

    SHA256

    7e2f669064e19616ad90eeaa17ebed5bf3a0de1aadcb2711b8e4b790ced90aa0

    SHA512

    6de46fb5311bf65d4a5a67d07ddab953997de76b6c90dd6bf943db5bc1cf395cac470fe70c243787653361b4af91cbd977a71dae4c6233d00f8648b295e5d659

    Download Submit

  • \??\c:\NT_Path.jpg
    Filesize

    117B

    MD5

    9c59118195177379e9f63e26c95c56bd

    SHA1

    1cd4f4a692350f280fe9310fa4892ad280e08bff

    SHA256

    7661b454519bf64d0941984d1d84dbe0f768471d0bd98b7e8b522a496776ada6

    SHA512

    b3ebd0a526329197c57759adc3728682b1028441c1a0010091dc31a53e68d7a8db00ef00d668dddd523e21c4ca183a42f52b61f0aace4d3e9c084551e929191a

    Download Submit

  • \??\c:\programdata\filename.jpg
    Filesize

    222KB

    MD5

    37d47f14edc44bf7b5370c37f6ba4fed

    SHA1

    619c256f8b5b20dfc5c13b682b33848dff265626

    SHA256

    7e2f669064e19616ad90eeaa17ebed5bf3a0de1aadcb2711b8e4b790ced90aa0

    SHA512

    6de46fb5311bf65d4a5a67d07ddab953997de76b6c90dd6bf943db5bc1cf395cac470fe70c243787653361b4af91cbd977a71dae4c6233d00f8648b295e5d659

    Download Submit

  • memory/2248-132-0x0000000000400000-0x000000000043BDB2-memory.dmp

    Filesize

    239KB

    Download