Overview

overview

10

Static

static

10

0.exe

windows7-x64

10

0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2023 12:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0.exe

  • Size

    71KB

  • MD5

    2a9d0d06d292a4cbbe4a95da4650ed54

  • SHA1

    44c32dfae9ac971c3651adbd82c821971a5400dc

  • SHA256

    09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c

  • SHA512

    ed15670a18bffa1c5c1d79f1a5a653d6b2bde649164c955473580321f4ab3d048124c26e1a92e9d8ba0edaf754617d2d2c13d8db92323e09957b6de225b5314d

  • SSDEEP

    1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uirySj5e:+pZTvnyEZiGJ7/QguiryS5e

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 5 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0.exe
    "C:\Users\Admin\AppData\Local\Temp\0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1312
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\138700.dll
    Filesize

    64KB

    MD5

    45dc749351fd65d71da89ca2ed2766cb

    SHA1

    e080faf81157b7f867cb56938c5e579c206af9b9

    SHA256

    391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25

    SHA512

    7e63d8778a4656a19397849a6edb483993f1183257fb8c0793ad4b5c625ed69d1b9472969bac6dfc98938e19baed7e3e61ab80085a1a6edd8a50ca660ce3bf74

    Download Submit
  • C:\138700.dll
    Filesize

    64KB

    MD5

    45dc749351fd65d71da89ca2ed2766cb

    SHA1

    e080faf81157b7f867cb56938c5e579c206af9b9

    SHA256

    391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25

    SHA512

    7e63d8778a4656a19397849a6edb483993f1183257fb8c0793ad4b5c625ed69d1b9472969bac6dfc98938e19baed7e3e61ab80085a1a6edd8a50ca660ce3bf74

    Download Submit
  • C:\138700.dll
    Filesize

    64KB

    MD5

    45dc749351fd65d71da89ca2ed2766cb

    SHA1

    e080faf81157b7f867cb56938c5e579c206af9b9

    SHA256

    391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25

    SHA512

    7e63d8778a4656a19397849a6edb483993f1183257fb8c0793ad4b5c625ed69d1b9472969bac6dfc98938e19baed7e3e61ab80085a1a6edd8a50ca660ce3bf74

    Download Submit
  • C:\Windows\FileName.jpg
    Filesize

    4.8MB

    MD5

    65650a007fcb9e10305c32b43eda3cd8

    SHA1

    96e7367a7772314bb2c74f82552718fd1dddb201

    SHA256

    7b13ac6defdc9f33e56a8a707508d4f93c12ff22488b91526e3392cdcae92f48

    SHA512

    c178e6430f1a98339543b46d9ba8c4d9cd4b9efb8e489c71441acec5b5d195685f49f4927d486e5012a4db601e18b8d799fe7d907a1c6d9a6a5cdbe725731881

    Download Submit
  • \??\c:\NT_Path.jpg
    Filesize

    53B

    MD5

    29e685d8f71e4f6814db1d06a44c2a76

    SHA1

    bd261a426a5912dffdb0c4a832437af76a0a4940

    SHA256

    faa6ffbe12a04c76808e2740a4349f4ec6d911161cfc34fc7d9f9c7f0e1f3e2c

    SHA512

    f1a8fa5fd49ae1dae534b52f24ea1ab25112635fb864d329aecca314d8d132fadb8455554333dcffb497d3e2f10902d3b32fb829748daec4b7e136eb6dc2f41a

    Download Submit
  • \??\c:\windows\filename.jpg
    Filesize

    4.8MB

    MD5

    65650a007fcb9e10305c32b43eda3cd8

    SHA1

    96e7367a7772314bb2c74f82552718fd1dddb201

    SHA256

    7b13ac6defdc9f33e56a8a707508d4f93c12ff22488b91526e3392cdcae92f48

    SHA512

    c178e6430f1a98339543b46d9ba8c4d9cd4b9efb8e489c71441acec5b5d195685f49f4927d486e5012a4db601e18b8d799fe7d907a1c6d9a6a5cdbe725731881

    Download Submit