General

  • Target

    9af5459fab0e96c5d076bab8a9a1dd3f2ea65528b91d8bcfc48b892f8fcf55cc

  • Size

    676KB

  • Sample

    221203-ppekwadg5w

  • MD5

    db5f414cd03646210b04504a3fa1a77b

  • SHA1

    55e5a67772e951445e6a9e55de564cb3e91cf998

  • SHA256

    9af5459fab0e96c5d076bab8a9a1dd3f2ea65528b91d8bcfc48b892f8fcf55cc

  • SHA512

    3fd51609307dfbd1873a67846348bfbcfe42c3eb67dccf70850f57c7782b38f6ec2bc5fd1c8e6bfb77450a85e585cb4740bd83f5c0ea5cb8525796508bb57754

  • SSDEEP

    12288:cR+KeYpYYvncgVhfc8o2SuP8ObOXFoYmPvRPIF02kQoMI7yzuNuqv:cHPOYnFo2SuP8MOXF9mPvF2lkNMJzuNN

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application
