Overview

overview

10

Static

static

ae0c6d1571...51.exe

windows7-x64

10

ae0c6d1571...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae0c6d1571befe39d9cf99b7ef4dfd1eed17493d785984426cdc5b95156a6a51

  • Size

    183KB

  • Sample

    221129-rxte4shb56

  • MD5

    eed406b84a1a317de2156d4504e2ccb8

  • SHA1

    ec34ff31d0c9a659bd29e20a7bf5035e810ec4a8

  • SHA256

    ae0c6d1571befe39d9cf99b7ef4dfd1eed17493d785984426cdc5b95156a6a51

  • SHA512

    fabe074d9bf738021b6542eeac341cbfb38a0b472f60be9f55a4853e3f9ef3b65f4f5e60634d95d6d8cb135de50e3a973f498a5b67096f9d3a5fa14ad13d4a39

  • SSDEEP

    3072:rMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRq:49MMmwzlqUHoeWofjjpAViY/lH6h+Evq

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      ae0c6d1571befe39d9cf99b7ef4dfd1eed17493d785984426cdc5b95156a6a51

    • Size

      183KB

    • MD5

      eed406b84a1a317de2156d4504e2ccb8

    • SHA1

      ec34ff31d0c9a659bd29e20a7bf5035e810ec4a8

    • SHA256

      ae0c6d1571befe39d9cf99b7ef4dfd1eed17493d785984426cdc5b95156a6a51

    • SHA512

      fabe074d9bf738021b6542eeac341cbfb38a0b472f60be9f55a4853e3f9ef3b65f4f5e60634d95d6d8cb135de50e3a973f498a5b67096f9d3a5fa14ad13d4a39

    • SSDEEP

      3072:rMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRq:49MMmwzlqUHoeWofjjpAViY/lH6h+Evq

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks