Overview

overview

10

Static

static

250ec3c37b...df.exe

windows7-x64

8

250ec3c37b...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    250ec3c37b49067a2a9b49a5af27373354cd8edbe0001f6590c1499aa0d9b4df

  • Size

    98KB

  • Sample

    221129-mbfjxach4w

  • MD5

    39e7cf1212589b55034da7c4f8b7e235

  • SHA1

    01536537ca7799102a1d12ddd3254a21ff1412e6

  • SHA256

    250ec3c37b49067a2a9b49a5af27373354cd8edbe0001f6590c1499aa0d9b4df

  • SHA512

    c78033581641a4755c328b917f6287f7f04ff697f27db73319bb1e303f5857d91816d83b8e9a98b32948aac3baf3ab9c047cd43705a3c9214f2d9dbf16bc7e01

  • SSDEEP

    1536:QYFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prZP9mTVtZugW:QKS4jHS8q/3nTzePCwNUh4E9OZm

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      250ec3c37b49067a2a9b49a5af27373354cd8edbe0001f6590c1499aa0d9b4df

    • Size

      98KB

    • MD5

      39e7cf1212589b55034da7c4f8b7e235

    • SHA1

      01536537ca7799102a1d12ddd3254a21ff1412e6

    • SHA256

      250ec3c37b49067a2a9b49a5af27373354cd8edbe0001f6590c1499aa0d9b4df

    • SHA512

      c78033581641a4755c328b917f6287f7f04ff697f27db73319bb1e303f5857d91816d83b8e9a98b32948aac3baf3ab9c047cd43705a3c9214f2d9dbf16bc7e01

    • SSDEEP

      1536:QYFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prZP9mTVtZugW:QKS4jHS8q/3nTzePCwNUh4E9OZm

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks