General

  • Target

    10643b5ff0465bf37a9a229a08e8868b21689442d7366e7ab2d6072702743a91

  • Size

    196KB

  • Sample

    221127-m5k2gsca84

  • MD5

    4022a5e56e46d4e00ecb554d863aa671

  • SHA1

    ee74c918642f773209d026fa66a2f145cb69cbee

  • SHA256

    10643b5ff0465bf37a9a229a08e8868b21689442d7366e7ab2d6072702743a91

  • SHA512

    e2e2efbac4dd332caaebf0e0f7c44e284e2950762e603ed7b062396eac6193ca475dfeecc3dd10457599377d1f2287023f93014d63dc1caca36c772b808d717b

  • SSDEEP

    3072:Vgmn0avOvtYz4nqSioDXx4uE9w2qbMUeZPgrQ/O/46P4M15m:+w0avOvtYSiod4uYzqAvZd/246pvm

Score
10/10

Targets

    • Target

      10643b5ff0465bf37a9a229a08e8868b21689442d7366e7ab2d6072702743a91

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
