gh0strat | 348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10-2004-x64

Sharing

General

Target

348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf
Size

1.1MB
Sample

230404-a55pnsdg6z
MD5

62c20b2be38c375d179ea9689c2dd98c
SHA1

3d5a2781bfbba48b19a49f11f3254229a684bba0
SHA256

348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf
SHA512

9b6d4ce92aa00f4f828ad54a83ca7be3c0394208162c6d2cae0c4e5c7a6d97b19488f93712cd1a8a6a5d383c68f3b8c6758c872577f726333f341baa1378ac89
SSDEEP

24576:hY/vw76zbbp6UAcagfKUeKjz0S0G6oN11OnF/A3ACe6:hV76zJ6tcax3w1UVS/

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf.exe

Resource

win10v2004-20230221-en

gh0strat rat vmprotect

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

3005.qmananan.com

Targets

- Target
  
  348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf
- Size
  
  1.1MB
- MD5
  
  62c20b2be38c375d179ea9689c2dd98c
- SHA1
  
  3d5a2781bfbba48b19a49f11f3254229a684bba0
- SHA256
  
  348f3b0f98d4d24e46490bcd8409836d7b47e1245c6fa90ca5fe85fb3cc77acf
- SHA512
  
  9b6d4ce92aa00f4f828ad54a83ca7be3c0394208162c6d2cae0c4e5c7a6d97b19488f93712cd1a8a6a5d383c68f3b8c6758c872577f726333f341baa1378ac89
- SSDEEP
  
  24576:hY/vw76zbbp6UAcagfKUeKjz0S0G6oN11OnF/A3ACe6:hV76zJ6tcax3w1UVS/
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratratvmprotect

© 2018-2024

Terms | Privacy