General

  • Target: 86d4074467c4ea38d2e9895c52dedc44aeeb8ea861346d39b56dbf8275f60918
  • Size: 940KB
  • Sample: 221125-1bgc4abb9s
  • MD5: fa6de6d4fcbf4a9c8aa154085a930281
  • SHA1: 7f51445f68938e54919c4d0d7c0f3efc849d5ba8
  • SHA256: 86d4074467c4ea38d2e9895c52dedc44aeeb8ea861346d39b56dbf8275f60918
  • SHA512: 2a220450f722cc3a3dfc733a1094e0b50e6f996688301cbb670df9a0f933e449d5cb361ad11025653d28c0265c8e1eb73b15ad0bacccd743e8abe88437e21d58
  • SSDEEP: 24576:r2aSIv5HUmCiJ6TqvlcKubqykrUS4sRJ+it1lbbK:KUhUmlVqKubqbrn4XitnbK

Malware Config

Targets

    • Target: 1010MY-V1218.exe
    • Size: 947KB
    • MD5: 1dc2016085f4812b865d612c6e326034
    • SHA1: fd0300a836e278768befc0f1f4b67d3cdbf3b342
    • SHA256: d8580d5b3b36887de5fb650c737fab236921394c69613ae8eb35509384a7a4a1
    • SHA512: 499004d5789bff99f38aa66fc62e0d4661964ae26e9b3159ef92bc826508e2891c4dde3126fdcb295ccd6ca80fa51accd8fdeb16caae4053df6dae57cf6198bd
    • SSDEEP: 24576:B/rEr2aSwv5PKGWMJW9qvlqqgLuqgLySAsRl+i51vxbm:B/gr2EtKGZlIqgLu1LRAxi5Xbm

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks