General

  • Target

    f81cefc5b27a8930fa7fd83d5d46df5d46ceb45f244cc0366f3b72d53b5a2721.exe

  • Size

    185KB

  • Sample

    221222-df1afadg58

  • MD5

    b11e7218cb481804403951feca2b5c23

  • SHA1

    734dd67c960c786c2c55026605d5702dae6d0d86

  • SHA256

    f81cefc5b27a8930fa7fd83d5d46df5d46ceb45f244cc0366f3b72d53b5a2721

  • SHA512

    6b7226dec6aa578c6a7f8c179be95604eaf426003d1726b47ebe18f31848df7d018b1396b49c07f4a6366b05b77382f40dc8b94907fb475828f63040e8acd073

  • SSDEEP

    3072:2R1+aJe1mgawzxsBub861jIHxowh8j6X/3VGVnpUlCz764/9xpEEBqbZuwSy/Gmo:2RUTV5nA8j6XPVGpxx9b3wZuwSOGmYTJ

Score
10/10

Malware Config

Targets

    • Target

      f81cefc5b27a8930fa7fd83d5d46df5d46ceb45f244cc0366f3b72d53b5a2721.exe

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks