General

  • Target

    fb97c75e8b4950cb32abf866d3ccb30ef9515ac032907c770714c79d88e29c82

  • Size

    174KB

  • Sample

    221202-vcb7wafa63

  • MD5

    1c8ae51f54b1342cecbdc9ec4f62f5b0

  • SHA1

    37fe43eaee391ca80add0cd71de49d4166fc37bd

  • SHA256

    fb97c75e8b4950cb32abf866d3ccb30ef9515ac032907c770714c79d88e29c82

  • SHA512

    8d2705cccb73bbca17e07465d5f671795fbb37a2acea1e5703d988624bdaf08b9ae9c8ad6e8f51a4a93d8c388a45c918bd6a46840883f48c024ad4accb6c7846

  • SSDEEP

    3072:uwR5g46PJhgJKpu81lkvERY7BZLyBROvIpIqLUxoUPI05Tu1M95P6+rfGqFTanGE:fR2zMJ3MRY2BROvGIdxbA6u1MX6+j/Fo

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks