General

  • Target

    6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1

  • Size

    96KB

  • Sample

    221128-gxjwkabd94

  • MD5

    fe46056fc8bd9d648a29e076650a2bdf

  • SHA1

    d8e087bf82884fd900fa6bab3019e73cf7ebf213

  • SHA256

    6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1

  • SHA512

    1ea0fa142d386e2007b57c0335b18be583b624aebee187e86102d943c65631977c8c26fb02ef8c248445d6166bb0939edaaa4b579d1a1f15a50a9e8c9a017d4b

  • SSDEEP

    3072:iOS4jHS8q/3nTzePCwNUh4E90yp9w7RUTV/LUz:ih428q/nTzePCwG70ywSS

Score
10/10

Targets

    • Target

      6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
