Overview

overview

10

Static

static

10

b10417f91b...a1.exe

windows7-x64

10

b10417f91b...a1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 21:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1.exe

  • Size

    570KB

  • MD5

    8870eb8a7826f9704cd158b3a5210771

  • SHA1

    3a7864c63e2f114536a7a656c971f3cafe030bec

  • SHA256

    b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1

  • SHA512

    0ce5e78138cd026e4d8712208f6b8e08a0eaea23e59a32a1a7f42b9ef0b7d95d98973d79065e65ed1b55f62c308fec3bafb4183dcb0d1e505b24964736414293

  • SSDEEP

    12288:JUIZVQQxfnr+TK7r79/JCtWCtCsbzm/6M5xy:JzVQQxfnr+TK7r79/JC/t3bi6M5xy

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1.exe
    "C:\Users\Admin\AppData\Local\Temp\b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:884
    • \??\c:\Windows\svchest425024042502400.exe
      c:\Windows\svchest425024042502400.exe
      2⤵
      • Executes dropped EXE
      PID:4676

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\svchest425024042502400.exe
          Filesize

          570KB

          MD5

          8870eb8a7826f9704cd158b3a5210771

          SHA1

          3a7864c63e2f114536a7a656c971f3cafe030bec

          SHA256

          b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1

          SHA512

          0ce5e78138cd026e4d8712208f6b8e08a0eaea23e59a32a1a7f42b9ef0b7d95d98973d79065e65ed1b55f62c308fec3bafb4183dcb0d1e505b24964736414293

          Download Submit

        • \??\c:\Windows\svchest425024042502400.exe
          Filesize

          570KB

          MD5

          8870eb8a7826f9704cd158b3a5210771

          SHA1

          3a7864c63e2f114536a7a656c971f3cafe030bec

          SHA256

          b10417f91b7d7835111826a31ccacffdcf87e30100ccc1cb41ba2a3a7466a9a1

          SHA512

          0ce5e78138cd026e4d8712208f6b8e08a0eaea23e59a32a1a7f42b9ef0b7d95d98973d79065e65ed1b55f62c308fec3bafb4183dcb0d1e505b24964736414293

          Download Submit