General

  • Target

    a6040819ec29c60f2f25bc86fe70a581fa0f642ebe558ce292f025934e8b43e4

  • Size

    377KB

  • Sample

    221203-n57e6agh77

  • MD5

    322e9cfb8f9870d123676d56bea31702

  • SHA1

    dbe26b809a490b8143a4fe2f269acfb79b617d7f

  • SHA256

    a6040819ec29c60f2f25bc86fe70a581fa0f642ebe558ce292f025934e8b43e4

  • SHA512

    8345b4a3713a2f22d3489f2a9f7d54d536a0f2e0c2c481f88b433a76830b586988c36d1b81c55c4efb5914bb286fda222cec11443808a2132717ccce8f6b24af

  • SSDEEP

    6144:JsItKnWUQRBTyPRqyhYPbncTBlhHrrndnkv0oXGNBBy/2g7yZY7uCMt7PoN57WzF:2tWUnJq8YPbncT3mKyug7A0A

Score
10/10

Targets

    • Target

      a6040819ec29c60f2f25bc86fe70a581fa0f642ebe558ce292f025934e8b43e4

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
