General

  • Target

    a4b53948e2eefaee6c01245d6807576480a578bd697b89c0ebb89b5f4d12c147

  • Size

    207KB

  • Sample

    221129-elfnnagd7y

  • MD5

    c39fb89aa3554308206672ba22d9d5aa

  • SHA1

    21b05f938a5ef1e58822c73aa9e66f0e03081d3c

  • SHA256

    a4b53948e2eefaee6c01245d6807576480a578bd697b89c0ebb89b5f4d12c147

  • SHA512

    41a591a551b7d182cadf5f8f06a75f91ecf3b4c2667c38fdc5531baff178e16e640512fa2d6e30a5704a93858f093a2dd26f306338c090f25082601093a994e5

  • SSDEEP

    6144:KR3vRz6tdsLebyI/DP0cTBlponN3PUG9F:yU4LeuI/DP0cT3i7

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
