General

  • Target

    45baa21da760f852f60c7089e1b2d9b2e32d4a887df71f6cbb9a16d0b903fa49

  • Size

    292KB

  • Sample

    221124-n5xwqacb65

  • MD5

    8516e3653d6c34810423ca3ed98275f5

  • SHA1

    2eb9f748e9276718e89acc4098040177f72b0d2a

  • SHA256

    45baa21da760f852f60c7089e1b2d9b2e32d4a887df71f6cbb9a16d0b903fa49

  • SHA512

    4e6fa7bf087aaf7499c0e1eba1c23ea43b90e3cba6d307a22341e4ba48a8e19d5e21cd2d78f45a887ec238be661f092888d26c0a39ed1cebfb309b429396f8f5

  • SSDEEP

    3072:GfvUpXXkVMO4gCwd3E5y1mZtGbvKa2x719Iy/jvuyttPlLcHUzPtVKqdlg:ivUpHu4gvqQ1HKPyIjftxdkUz2m

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
