General

  • Target

    aa041fb6e92bf8da551b760fbd8e4048d1bf1069a4d0e9f6dfb683a2908147ea

  • Size

    421KB

  • Sample

    221129-s2de5acd87

  • MD5

    2261d59f9efdae722af0fd70cd8cd1a4

  • SHA1

    6f0efc457d24bcaaca6eff311cf617ba6372bec1

  • SHA256

    aa041fb6e92bf8da551b760fbd8e4048d1bf1069a4d0e9f6dfb683a2908147ea

  • SHA512

    dafa7538e49ee09cf42eb8fb2343fc6fc6bd28205400ea0319864d63fe1a7f5ced12bf2db675e3ddaa88471c1cd3aa877e8e46eb88477feb90abbc0399794e85

  • SSDEEP

    12288:EfnnK9zABs+TbFx9SXOPCf8DkqAR8zH6eS2f/LDloXMWQ:EfK9zUHFpi8/cSLDqXG

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
