General

  • Target

    876f83b31273b7ed38df868d5e94aa7f5be9b55fe7a06d2fa723c44223ce40ac

  • Size

    95KB

  • Sample

    221129-g14p5sch92

  • MD5

    6b25675226436d12caaa3d9fa2d76b81

  • SHA1

    784ca8d782bd88313c8e57dadf305f9babb227fd

  • SHA256

    876f83b31273b7ed38df868d5e94aa7f5be9b55fe7a06d2fa723c44223ce40ac

  • SHA512

    506cf7464c829bb68f43742bfff8b2dc279849443811b7c0480c654fab5ad262dda77dc4e147105126bd949bfa7814f36ff75d61a99cabbaf6e3dbe29fa5b6c0

  • SSDEEP

    1536:tTFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prXGrvEQkNB5HYa:ttS4jHS8q/3nTzePCwNUh4E92rMQkf5T

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
