Overview

overview

10

Static

static

10

db2ecedeb3...38.exe

windows7-x64

10

db2ecedeb3...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 12:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    db2ecedeb37faf0bf8525bd5307d0de582ff3c791035e18661776629a69d1b38.exe

  • Size

    71KB

  • MD5

    43b7c75056a735a9dcaf2ed9d6ba508d

  • SHA1

    e01259c3f3e279a2c1568c1bff9929681dea0398

  • SHA256

    db2ecedeb37faf0bf8525bd5307d0de582ff3c791035e18661776629a69d1b38

  • SHA512

    91f53cd7989d1deebe9d00897f2aaeb74b1ab4be36c8a6d96039ffaa750a623ef6e237a55581c0a3bb1bae2688e4d4b5aa44cd0a63f6dad8d1814f6039b30830

  • SSDEEP

    1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uiryQ5e:+pZTvnyEZiGJ7/QguiryQ5e

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 4 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db2ecedeb37faf0bf8525bd5307d0de582ff3c791035e18661776629a69d1b38.exe
    "C:\Users\Admin\AppData\Local\Temp\db2ecedeb37faf0bf8525bd5307d0de582ff3c791035e18661776629a69d1b38.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3120
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3836

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\3184800.dll
          Filesize

          64KB

          MD5

          7d8a10887b367b24a8b1ba68230b5ac3

          SHA1

          bc117aa0cf4eff940f3376580e7bc665994ddce7

          SHA256

          79df355092a19ead49965c8b7b896b563a817bfa30b94a726bc54f479747e38e

          SHA512

          c3b4833b98a5ff05e0cd73494b432ffc1c31b0f9f91563b32300570d25d998871815c94d82f46e297f62cc00792aadb57a053f7ad68b74d47a3eaf398d67b709

          Download Submit

        • C:\3184800.dll
          Filesize

          64KB

          MD5

          7d8a10887b367b24a8b1ba68230b5ac3

          SHA1

          bc117aa0cf4eff940f3376580e7bc665994ddce7

          SHA256

          79df355092a19ead49965c8b7b896b563a817bfa30b94a726bc54f479747e38e

          SHA512

          c3b4833b98a5ff05e0cd73494b432ffc1c31b0f9f91563b32300570d25d998871815c94d82f46e297f62cc00792aadb57a053f7ad68b74d47a3eaf398d67b709

          Download Submit

        • C:\Windows\FileName.jpg
          Filesize

          5.6MB

          MD5

          1a4e2fcbbb02db9c65678a98b6e7207b

          SHA1

          edc85cee7c8229d77831f7836616b4a96ca67755

          SHA256

          a37aa33bc336f6d596ef9ad0aeb678560021b74a0c4c7d8a7092c500b0df4917

          SHA512

          c209a2e13efdaa35871e44e08ba484da7f30719192b4f807119bf91970d60718d704cf9b9296902be11cbc5fd757e9d7be6bc35e6028c2366e5f8657e4913a95

          Download Submit

        • \??\c:\NT_Path.jpg
          Filesize

          117B

          MD5

          24ede90dd4b43c5199f0953beffb2e01

          SHA1

          693736966c2a83a7f024887d991200dd2c74dcd5

          SHA256

          7ec608c62bc62ddfd59749887ea0775ef60abbeba33846931042f9986d36d990

          SHA512

          7961c144104a9df33a0c1b28e55cf76279ae815cd572f4b2727bae820e1b76178a5103329e0a6f7329df6866ed7c9444440cfe69b8fe1f818270aa2b9c111191

          Download Submit

        • \??\c:\windows\filename.jpg
          Filesize

          5.6MB

          MD5

          1a4e2fcbbb02db9c65678a98b6e7207b

          SHA1

          edc85cee7c8229d77831f7836616b4a96ca67755

          SHA256

          a37aa33bc336f6d596ef9ad0aeb678560021b74a0c4c7d8a7092c500b0df4917

          SHA512

          c209a2e13efdaa35871e44e08ba484da7f30719192b4f807119bf91970d60718d704cf9b9296902be11cbc5fd757e9d7be6bc35e6028c2366e5f8657e4913a95

          Download Submit