General

  • Target

    ac2f992fc62e83cd8806dc9763a7475239bf508d278855da84b7cdc4ba61cff3

  • Size

    124KB

  • Sample

    221206-ccxjpsba6s

  • MD5

    646103b6bf967d80a3aff79d6ba8ef8e

  • SHA1

    0d6b7f5f4594d4e953bc28cbbc4ea15a308b0562

  • SHA256

    ac2f992fc62e83cd8806dc9763a7475239bf508d278855da84b7cdc4ba61cff3

  • SHA512

    27de208baef7bac916eb6d11cdcef8b9c1124b764b650bf99ae52389fbe534cdf423cb4e886a1281b28f8f222443681c6f63927199ed2246a1d93340e39dd247

  • SSDEEP

    1536:fVH8Zf/NyESRVwFQ4l6iTA/7IxCRADcNrUf8RsFqQSE+:fZ8vyFwFD6HDIgRAD+rG8RsaE

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Loads dropped DLL

    • Drops file in System32 directory
