Overview

overview

10

Static

static

f085e6f775...18.exe

windows7-x64

8

f085e6f775...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f085e6f775ed9fc79f315e2ea1dc165bb2b888a75501bf46431bec8bd3380418

  • Size

    196KB

  • Sample

    221127-r9be3aeh72

  • MD5

    d8ef06a961dec847b5ab0c1efe78453b

  • SHA1

    bd3ef64a8c65c90982514aea936a20ad4511e50b

  • SHA256

    f085e6f775ed9fc79f315e2ea1dc165bb2b888a75501bf46431bec8bd3380418

  • SHA512

    927937a9c4ab69ce21ff455300863cbca8e88262ec70c326c0ae1c0689d851a986450968e5cf04892d4dd6dbbc14d76676a35c556b844905b4f02b518f41d9d0

  • SSDEEP

    3072:Vgmn0avOvtYz4nqSioDXx4uE9w2qbMUeZPgrQ/O/46u4M15m:+w0avOvtYSiod4uYzqAvZd/246qvm

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      f085e6f775ed9fc79f315e2ea1dc165bb2b888a75501bf46431bec8bd3380418

    • Size

      196KB

    • MD5

      d8ef06a961dec847b5ab0c1efe78453b

    • SHA1

      bd3ef64a8c65c90982514aea936a20ad4511e50b

    • SHA256

      f085e6f775ed9fc79f315e2ea1dc165bb2b888a75501bf46431bec8bd3380418

    • SHA512

      927937a9c4ab69ce21ff455300863cbca8e88262ec70c326c0ae1c0689d851a986450968e5cf04892d4dd6dbbc14d76676a35c556b844905b4f02b518f41d9d0

    • SSDEEP

      3072:Vgmn0avOvtYz4nqSioDXx4uE9w2qbMUeZPgrQ/O/46u4M15m:+w0avOvtYSiod4uYzqAvZd/246qvm

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks