General

  • Target

    e3abf71dd4b1e04a2930cfbc946f3709b382d06522e74b135a6913d03b05dee9

  • Size

    96KB

  • Sample

    221203-d25gaaed4v

  • MD5

    ffe52b1f53395c0bf19a812b9f2774af

  • SHA1

    188a99d8b1403af26aa255f1ab39d86a0f55acbc

  • SHA256

    e3abf71dd4b1e04a2930cfbc946f3709b382d06522e74b135a6913d03b05dee9

  • SHA512

    c65ec883ebf572d1b56c91c476e6388f105160563f7a51aa163b93e6e282487c72cd386d9e9b63e624155ead854bb123f175bc321ecf96bd5f63b565673ca234

  • SSDEEP

    1536:IpFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prAsRr+KXvb:I/S4jHS8q/3nTzePCwNUh4E9ALKXvb

Score
10/10

Targets

    • Target

      e3abf71dd4b1e04a2930cfbc946f3709b382d06522e74b135a6913d03b05dee9

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
