Overview

overview

10

Static

static

10

8f4ca6241d...ff.exe

windows7-x64

10

8f4ca6241d...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f4ca6241d4fa15e0e5ed835eb860fd56b7f04c32554f1ca81825801c1f5f2ff

  • Size

    105KB

  • Sample

    221204-v5bf2sef5z

  • MD5

    bf74d9db0275d302005fc22bb84f4f34

  • SHA1

    9b84e51699891fd2f365f19232cfd76d6b427329

  • SHA256

    8f4ca6241d4fa15e0e5ed835eb860fd56b7f04c32554f1ca81825801c1f5f2ff

  • SHA512

    523d327e8bb128e85c22c9d2114ca3964a71220c70faed9f9564936162cb199b8b7db2fa94eea9267d687b65058a8af174ada5f5bc922259a35c1842638d99ac

  • SSDEEP

    3072:QaBNxs/6Yi0yNp9zJeR4KIhjeNJ4hfEw4hqV/93:fXxs/8DLapI1CifEdhq7

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      8f4ca6241d4fa15e0e5ed835eb860fd56b7f04c32554f1ca81825801c1f5f2ff

    • Size

      105KB

    • MD5

      bf74d9db0275d302005fc22bb84f4f34

    • SHA1

      9b84e51699891fd2f365f19232cfd76d6b427329

    • SHA256

      8f4ca6241d4fa15e0e5ed835eb860fd56b7f04c32554f1ca81825801c1f5f2ff

    • SHA512

      523d327e8bb128e85c22c9d2114ca3964a71220c70faed9f9564936162cb199b8b7db2fa94eea9267d687b65058a8af174ada5f5bc922259a35c1842638d99ac

    • SSDEEP

      3072:QaBNxs/6Yi0yNp9zJeR4KIhjeNJ4hfEw4hqV/93:fXxs/8DLapI1CifEdhq7

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Sets DLL path for service in the registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks