General

  • Target

    2b81005865451673d0ac7e5595489d17a6b351d04a3a7cfb7b3f744bba205dd4

  • Size

    369KB

  • Sample

    221123-z7yrkshg2z

  • MD5

    357fc02b92acaf3ad6b75b69967b63d3

  • SHA1

    697ae973cb775988a39d79df387a5af4568ee5bb

  • SHA256

    2b81005865451673d0ac7e5595489d17a6b351d04a3a7cfb7b3f744bba205dd4

  • SHA512

    1d9f578d883fed1bea9d65c149ed3a06d22e45652f0b543221dd2690a66b475fc9b4f123f68f060ef22a52147c8b54d3f8f41f67f80bd48204ff412551a5a73b

  • SSDEEP

    6144:Sw0MvOvt2Siod4uYzqAvZd/246avmtrb8/pnFGA6NGo510rc:HZGv7iG4HOKZdentKX6g210rc

Score
10/10

Targets

    • Target

      2b81005865451673d0ac7e5595489d17a6b351d04a3a7cfb7b3f744bba205dd4

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
