Analysis
-
max time kernel
244s -
max time network
337s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
05/12/2022, 07:02
General
-
Target
811499bc5b82b00331af58aa59d990744f4ccb5d5968beaea4304af7bedf3110.exe
-
Size
278KB
-
MD5
9ddcdafde8ba775c90ed175289768a3f
-
SHA1
07b5062c4c7342d2a2dd90b44cb9439763efc454
-
SHA256
811499bc5b82b00331af58aa59d990744f4ccb5d5968beaea4304af7bedf3110
-
SHA512
a83c7170e88e8f84a3c6df26bd6f7f6e00a335bd680bf2817a9a228166beaa8606ce93bb81059847a2386776c20135d52601c6a21d35f50cab6f146a6a77142f
-
SSDEEP
6144:R3NvTgeWRMbYM0EKs6WmfDSWZJwQwQZExnZkqtkV3i:hNLgeWRMZ07pJxrsZkqSV3i
Score
10/10
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\811499bc5b82b00331af58aa59d990744f4ccb5d5968beaea4304af7bedf3110.exe"C:\Users\Admin\AppData\Local\Temp\811499bc5b82b00331af58aa59d990744f4ccb5d5968beaea4304af7bedf3110.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
248KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
52KB
-
Filesize
248KB