General

  • Target

    1ab6bb909913cd54341e1621e1710804.exe

  • Size

    96KB

  • Sample

    221125-vddgbseg4w

  • MD5

    1ab6bb909913cd54341e1621e1710804

  • SHA1

    d0170d1179e669b7f6c5a527cb26b58d753d5884

  • SHA256

    75fb39f11d3b08e9e0bb9d1308a107337f9033c8da5fdc08d94e111e9609044f

  • SHA512

    d1e28efca1715351340ef369434002d3de0f2846d53e7b796da1843a150a59ace7003ebf33f3b29db14915fed6d5e81738ce9468fcc19471721f0ee046399c5e

  • SSDEEP

    1536:iKDY8dNFwPVs+stIgwZFXMCNVLRJwKj9OmcCDo7:iKc8dNFwPVs+sagyM2VLRJwKj9ACG

Malware Config

Targets

    • Target

      1ab6bb909913cd54341e1621e1710804.exe

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks