Overview

overview

10

Static

static

10

3B15486651...4E.dll

windows7-x64

10

3B15486651...4E.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3B15486651F5E552FE3A354485AA2751DD730B8C3DD4E.dll

  • Size

    172KB

  • Sample

    230103-redxpsbf29

  • MD5

    f544eb1f87d84e22f36af9313c234342

  • SHA1

    d23f3c66ae84b7f9cf951cb4cdf99e55e4d823e0

  • SHA256

    3b15486651f5e552fe3a354485aa2751dd730b8c3dd4ec26c0d9a976b2d3b129

  • SHA512

    768e3fa8c5d453c9e34161063fb82196306fa018f17a4ea2f09174b660109a1e5d178433604c703f694315df05d776dc13c4ccb3edac9016cd5f9d8ec87fac2f

  • SSDEEP

    3072:9/gWEkncfFsQTvrhPkC7xZkuXaJhNeETNsAq6nUlk6/MPNm:9LPnc2qrJ51ZkMaJhQCNBU8

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      3B15486651F5E552FE3A354485AA2751DD730B8C3DD4E.dll

    • Size

      172KB

    • MD5

      f544eb1f87d84e22f36af9313c234342

    • SHA1

      d23f3c66ae84b7f9cf951cb4cdf99e55e4d823e0

    • SHA256

      3b15486651f5e552fe3a354485aa2751dd730b8c3dd4ec26c0d9a976b2d3b129

    • SHA512

      768e3fa8c5d453c9e34161063fb82196306fa018f17a4ea2f09174b660109a1e5d178433604c703f694315df05d776dc13c4ccb3edac9016cd5f9d8ec87fac2f

    • SSDEEP

      3072:9/gWEkncfFsQTvrhPkC7xZkuXaJhNeETNsAq6nUlk6/MPNm:9LPnc2qrJ51ZkMaJhQCNBU8

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks