gh0strat | 3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10-2004-x64

Sharing

General

Target

3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d
Size

1.2MB
Sample

230324-sje61afc23
MD5

a3216df170c40e6b60a2c77f652f4c36
SHA1

f7edecdc50f18637097040910310d1a49357b4aa
SHA256

3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d
SHA512

dd8e49b6bc58483a6881855b40f16616d368dfb5dc124d4791e1ba53ebe91063bbeb48712dccd34c716eaf30fd384184409c8ffcdff88ea846e91ed3a2af04a5
SSDEEP

12288:U7i8Qjko5apP7Cod2alvJgHturh3payOVDEqK4EtEg/QO1Ga/M7x9eo:0i8ckVpDDd2+VzayCDpKPEg/7une

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d.exe

Resource

win10v2004-20230220-en

gh0strat rat vmprotect

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

3005.qmananan.com

Targets

- Target
  
  3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d
- Size
  
  1.2MB
- MD5
  
  a3216df170c40e6b60a2c77f652f4c36
- SHA1
  
  f7edecdc50f18637097040910310d1a49357b4aa
- SHA256
  
  3c1b5e0410ba215ed4b6758970e26250163d1665648c9580f6bddf55b5c1eb1d
- SHA512
  
  dd8e49b6bc58483a6881855b40f16616d368dfb5dc124d4791e1ba53ebe91063bbeb48712dccd34c716eaf30fd384184409c8ffcdff88ea846e91ed3a2af04a5
- SSDEEP
  
  12288:U7i8Qjko5apP7Cod2alvJgHturh3payOVDEqK4EtEg/QO1Ga/M7x9eo:0i8ckVpDDd2+VzayCDpKPEg/7une
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratratvmprotect

© 2018-2024

Terms | Privacy