General

  • Target

    f21bfc6660cd64adc45eda10613e5c705273ad7bb6099dad5c4eefa5012c9b6a

  • Size

    492KB

  • Sample

    221205-f9rlhaad39

  • MD5

    323601ea013a93514856cb43a58030b4

  • SHA1

    53263b5e5122881756b597e58d90b713ad61e16c

  • SHA256

    f21bfc6660cd64adc45eda10613e5c705273ad7bb6099dad5c4eefa5012c9b6a

  • SHA512

    6f170cd2dd8b22bc76a05eb591356ae813399f1414d23f129849eadd68a01f830d791e6db86d50d8c1c4a0cbf72edefd5064e28f59ada692841301d8ac8f4b48

  • SSDEEP

    6144:o4RFDmLzNZVazYloL8cKCXTq7drxfBr5h1MmUdKrw2Rnh5Esym2E87RzYQR0jXH7:FRFDmH3VHFF3MmUiweh5EsyY8dzPML

Malware Config

Targets

    • Target

      f21bfc6660cd64adc45eda10613e5c705273ad7bb6099dad5c4eefa5012c9b6a

    • Size

      492KB

    • MD5

      323601ea013a93514856cb43a58030b4

    • SHA1

      53263b5e5122881756b597e58d90b713ad61e16c

    • SHA256

      f21bfc6660cd64adc45eda10613e5c705273ad7bb6099dad5c4eefa5012c9b6a

    • SHA512

      6f170cd2dd8b22bc76a05eb591356ae813399f1414d23f129849eadd68a01f830d791e6db86d50d8c1c4a0cbf72edefd5064e28f59ada692841301d8ac8f4b48

    • SSDEEP

      6144:o4RFDmLzNZVazYloL8cKCXTq7drxfBr5h1MmUdKrw2Rnh5Esym2E87RzYQR0jXH7:FRFDmH3VHFF3MmUiweh5EsyY8dzPML

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application
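The report tags the payload as Gh0st RAT but says nothing about how to recognise it on the wire. The following is an added example (not code from the report, the sandbox, or the Gh0st project) that implements the message framing used by the public Gh0st source: a 13-byte header consisting of a 5-byte flag ("Gh0st" by default; forks frequently change it), a little-endian 32-bit total length (header plus body) and a little-endian 32-bit uncompressed length, followed by a zlib-compressed body. The payload contents and the captured "stream" below are constructed for the demo; a different flag can be passed in for a fork.

```python
"""Gh0st RAT C2 framing: encoder/decoder (added example, not the report's code).

Header = 5-byte flag + u32le total length (header + body) + u32le original
length; body = zlib-compressed message.  Sample payloads are constructed.
"""
import struct
import zlib

FLAG = b"Gh0st"                        # default flag in the public source
HDR_FMT = "<5sII"                      # flag, total length, original length
HDR_SIZE = struct.calcsize(HDR_FMT)    # 13 bytes


def encode_packet(payload: bytes, flag: bytes = FLAG) -> bytes:
    """Frame one message the way the Gh0st client/server does before sending."""
    body = zlib.compress(payload)
    return struct.pack(HDR_FMT, flag, HDR_SIZE + len(body), len(payload)) + body


def decode_packets(stream: bytes, flag: bytes = FLAG):
    """Split a captured TCP stream into Gh0st messages.

    Returns (packets, remainder): packets is a list of (payload, ok), where ok
    is False when the body fails to inflate or its length disagrees with the
    header; remainder is the unparsed tail (a truncated frame or non-Gh0st data).
    """
    packets = []
    pos = 0
    while pos + HDR_SIZE <= len(stream):
        got_flag, total, orig = struct.unpack_from(HDR_FMT, stream, pos)
        if got_flag != flag or total < HDR_SIZE:
            break                      # not this framing (or a fork's flag)
        if pos + total > len(stream):
            break                      # truncated frame: wait for more bytes
        body = stream[pos + HDR_SIZE:pos + total]
        try:
            payload = zlib.decompress(body)
        except zlib.error:
            payload = None             # header looked right, body did not inflate
        packets.append((payload, payload is not None and len(payload) == orig))
        pos += total
    return packets, stream[pos:]


def looks_like_gh0st(stream: bytes, flag: bytes = FLAG) -> bool:
    """True if the stream starts with at least one well-formed Gh0st frame."""
    packets, _ = decode_packets(stream, flag)
    return bool(packets) and packets[0][1]


if __name__ == "__main__":
    # Constructed traffic: two good frames, one frame whose body is garbage,
    # and a truncated header left at the end of the capture.
    stream = (encode_packet(b"\x01constructed-login-record")
              + encode_packet(b"\x02" + b"constructed-heartbeat" * 50)
              + struct.pack(HDR_FMT, FLAG, HDR_SIZE + 4, 4) + b"xxxx"
              + b"Gh0st\x10")
    packets, rest = decode_packets(stream)
    for payload, ok in packets:
        print("ok " if ok else "BAD", None if payload is None else payload[:24])
    print("unparsed tail:", rest)
```

The checks on `total` matter in practice: a zero or undersized length field would otherwise loop forever, and a length larger than the buffer is the normal "more data coming" case for a TCP stream, not an error. The flag alone is a weak indicator since forks rename it; requiring the body to inflate to the advertised length is what makes the match meaningful.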
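The four behavioural signatures above (dropped EXE executed, dropped DLL loaded, Run key written, country code read from the registry) are each a simple rule over the process, file and registry events a sandbox records. The following is an added example, not the sandbox's own signature code, that re-implements those rules over a small event stream. The event schema, the sample path and the EVENTS list are constructed for the demo; the registry paths are the standard Windows locations (the Run/RunOnce autostart keys, and the configured country in HKCU\Control Panel\International\Geo\Nation or the system locale under HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale).

```python
"""Behaviour triage over a process/registry event stream (added example).

Plain-rule versions of the report's "Executes dropped EXE", "Loads dropped
DLL", "Adds Run key to start application" and "Checks computer location
settings" signatures.  Event schema and EVENTS are constructed for the demo.
"""
from dataclasses import dataclass


@dataclass
class Event:
    op: str      # write_file | process_create | image_load | reg_set | reg_query
    proc: str    # image path of the process performing the action
    target: str  # file path, image path, or registry key/value being touched


# Autostart locations: a value written under one of these is persistence.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Where Windows stores the configured country / system locale; reading one
# of these early in execution is the usual geofence pattern.
LOCALE_KEYS = (
    r"hkcu\control panel\international\geo\nation",
    r"hklm\system\currentcontrolset\control\nls\locale",
)


def norm(path: str) -> str:
    """Lower-case and abbreviate hive names so rules can compare literally."""
    p = path.lower()
    return p.replace("hkey_current_user", "hkcu").replace("hkey_local_machine", "hklm")


def triage(events):
    """Return {signature name: [evidence, ...]} for the signatures that fired."""
    hits = {}
    dropped = set()          # files written by the sample or any of its children

    def fire(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in events:
        t = norm(e.target)
        if e.op == "write_file":
            dropped.add(t)
        elif e.op == "process_create" and t in dropped:
            fire("Executes dropped EXE", e.target)
        elif e.op == "image_load" and t in dropped and t.endswith(".dll"):
            fire("Loads dropped DLL", e.target)
        elif e.op == "reg_set":
            key = t.rsplit("\\", 1)[0]            # drop the value name
            if key.endswith(RUN_KEYS):
                fire("Adds Run key to start application", e.target)
        elif e.op == "reg_query" and t in LOCALE_KEYS:
            fire("Checks computer location settings", e.target)
    return hits


SAMPLE = r"C:\Users\user\Desktop\sample.exe"      # stands in for the analysed file
EVENTS = [  # constructed, not taken from the sandbox run
    Event("reg_query", SAMPLE, r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    Event("reg_query", SAMPLE, r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event("write_file", SAMPLE, r"C:\ProgramData\update\svchost.exe"),
    Event("write_file", SAMPLE, r"C:\ProgramData\update\helper.dll"),
    Event("process_create", SAMPLE, r"C:\ProgramData\update\svchost.exe"),
    Event("image_load", r"C:\ProgramData\update\svchost.exe", r"C:\ProgramData\update\helper.dll"),
    Event("reg_set", r"C:\ProgramData\update\svchost.exe",
          r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\update"),
    Event("process_create", SAMPLE, r"C:\Windows\System32\cmd.exe"),   # not dropped: no hit
]

if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"{name}: {evidence}")
```

Two details are worth carrying into real detection content: the "dropped" set must include files written by child processes, not only by the original sample (here the persistence key is written by the dropped svchost.exe, not by the sample itself), and path comparison has to be case-insensitive with hive names normalised, because the same key shows up as HKEY_CURRENT_USER, HKCU or a user SID path depending on the event source.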

MITRE ATT&CK Enterprise v6

Tasks