Overview

overview

10

Static

static

3

f493ab9508...04.exe

windows7-x64

10

f493ab9508...04.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f493ab9508000aa9e56b4489c804156e8f5ba756983ad1825d9cc106ead01c04

  • Size

    356KB

  • Sample

    230805-hndhvscc3z

  • MD5

    ecba9be950e1455fecd6b0baa271432f

  • SHA1

    c9518cdfc97b0d3ad2d591b28bce8ccb41092cc0

  • SHA256

    f493ab9508000aa9e56b4489c804156e8f5ba756983ad1825d9cc106ead01c04

  • SHA512

    2fecc9e5f93eaaaa44a91f6003a9d568e916e40db5ad85198558eec5bf8999196438c7904d10fb59a2a71d3ebd1d38f73c77adfd59ae2563061de5c16b57fb79

  • SSDEEP

    6144:jhru3c9FNN8tyEW96wgvRHCzOYtqlGyzcsX3KA0LQIQR:9ruM9FNatyb3gNCpOdn/u

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      f493ab9508000aa9e56b4489c804156e8f5ba756983ad1825d9cc106ead01c04

    • Size

      356KB

    • MD5

      ecba9be950e1455fecd6b0baa271432f

    • SHA1

      c9518cdfc97b0d3ad2d591b28bce8ccb41092cc0

    • SHA256

      f493ab9508000aa9e56b4489c804156e8f5ba756983ad1825d9cc106ead01c04

    • SHA512

      2fecc9e5f93eaaaa44a91f6003a9d568e916e40db5ad85198558eec5bf8999196438c7904d10fb59a2a71d3ebd1d38f73c77adfd59ae2563061de5c16b57fb79

    • SSDEEP

      6144:jhru3c9FNN8tyEW96wgvRHCzOYtqlGyzcsX3KA0LQIQR:9ruM9FNatyb3gNCpOdn/u

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks