gh0strat | 7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10-2004-x64

Sharing

General

Target

7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec
Size

1.1MB
Sample

230403-pkb9ysgb6s
MD5

84eaf7f316c7113fc09cdfb0bf9a8cf9
SHA1

90c6288bab30b248804037d23660cd0f087c0af4
SHA256

7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec
SHA512

bc1f2950bb1eb80dc76fb4081e2230e933b2b85ac7fb0e8a23a1b4ed4b0a2bdc4b3e329942e86858a3b25382b055e0ec5f0e46509b4a380ce0e823b2be8ea50b
SSDEEP

12288:dcx+OV3ayNJQYJw9ece0A3uzQpeC5i1hTb0MHW+TgpO+Tfltqo:dcxD3Nn+Ubi3TIuelo

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec.exe

Resource

win10v2004-20230220-en

gh0strat rat vmprotect

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

3005.qmananan.com

Targets

- Target
  
  7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec
- Size
  
  1.1MB
- MD5
  
  84eaf7f316c7113fc09cdfb0bf9a8cf9
- SHA1
  
  90c6288bab30b248804037d23660cd0f087c0af4
- SHA256
  
  7089a053094654a173c4831cd777b040dfbe27da558099297549db67e4e638ec
- SHA512
  
  bc1f2950bb1eb80dc76fb4081e2230e933b2b85ac7fb0e8a23a1b4ed4b0a2bdc4b3e329942e86858a3b25382b055e0ec5f0e46509b4a380ce0e823b2be8ea50b
- SSDEEP
  
  12288:dcx+OV3ayNJQYJw9ece0A3uzQpeC5i1hTb0MHW+TgpO+Tfltqo:dcxD3Nn+Ubi3TIuelo
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratratvmprotect

© 2018-2024

Terms | Privacy