Analysis
-
max time kernel
151s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-11-2022 04:21
General
-
Target
a12ad615982486d892c34de1a14f8b947428f7696eab73eae59b3cae4fbfd68a.exe
-
Size
204KB
-
MD5
0605b275f82fca535c7b2296d19c9ca0
-
SHA1
3d30333cba7aae765e37a0704b4f9bb7f309c063
-
SHA256
a12ad615982486d892c34de1a14f8b947428f7696eab73eae59b3cae4fbfd68a
-
SHA512
3632a6b8f7fe0f626a583b0546df25f36b2082770c63e7e2205cda9ab058e06b52125100a15d7fdff329f98848b341f15f1949b52665bf3bbe81cac6f9496dd6
-
SSDEEP
6144:WG5/yQ1/h46Fl0E76QQNUTBl2pqPK1Rpa:WcyuhRFN76ZUT3kxvY
Malware Config
Signatures
-
Gh0st RAT payload 2 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Sets DLL path for service in the registry 2 TTPs 1 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Drops file in Program Files directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a12ad615982486d892c34de1a14f8b947428f7696eab73eae59b3cae4fbfd68a.exe"C:\Users\Admin\AppData\Local\Temp\a12ad615982486d892c34de1a14f8b947428f7696eab73eae59b3cae4fbfd68a.exe"1⤵
- Sets DLL path for service in the registry
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs1⤵
- Deletes itself
- Loads dropped DLL
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
MD5e59e8b22424d13b45b8416fe2d3ae264
SHA15984170280b1326e0b571456d7926debe762de92
SHA25617e991a820ff0585e25cee8a5595676857275ce0cddf2ecfc18f47e634166552
SHA512ce8a19aa2f163ee2b228ce100f3e30ed538b155bc63377f2049cb9541c0e99e9c67fea7db928095797a4eecde7a2473717b30efa3f1643b1118c957119c0c58f
-
Filesize
136KB
MD5e59e8b22424d13b45b8416fe2d3ae264
SHA15984170280b1326e0b571456d7926debe762de92
SHA25617e991a820ff0585e25cee8a5595676857275ce0cddf2ecfc18f47e634166552
SHA512ce8a19aa2f163ee2b228ce100f3e30ed538b155bc63377f2049cb9541c0e99e9c67fea7db928095797a4eecde7a2473717b30efa3f1643b1118c957119c0c58f
-
Filesize
8KB