General

  • Target

    005d91899185582cb3e008aa6e8c222e0a8dc4b8ee60783ca83d9cfece0f1aca

  • Size

    196KB

  • Sample

    221123-lwzylsfh3y

  • MD5

    e203b6aac83a1906f898f233754b2b09

  • SHA1

    228d724b01b355600e54584276ddd96ae4d342d9

  • SHA256

    005d91899185582cb3e008aa6e8c222e0a8dc4b8ee60783ca83d9cfece0f1aca

  • SHA512

    1eb5d80c8fe28e20f43bcaf3fbc6d5608a2712118050c5da84bfcc8ce0a8b30e19a148c33dafb88c3698dfe6c37a2166837d280e1affd30825476f92d3e164c8

  • SSDEEP

    3072:Vgmn0avOvtYz4nqSioDXx4uE9w2qbMUeZPgrQ/O/46q4M15m:+w0avOvtYSiod4uYzqAvZd/246Wvm

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
