Overview

overview

10

Static

static

3

dec33fdcb9...49.exe

windows7-x64

10

dec33fdcb9...49.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 11:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49.exe

  • Size

    48KB

  • MD5

    ea6540fe95c3494c07235e2e9ca17a0e

  • SHA1

    4bb6030b37dba86d962c3c2ca52acd9f42ea1a6a

  • SHA256

    dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49

  • SHA512

    9534a4959d9b7ffaf7a09f8c8417b6f1660d451d3b3bc65159d778fb152542f02804f506e9d9389798cf17a7fc69519422d85dbc9761a4c252cb03294bf40f1d

  • SSDEEP

    384:1PzIYf7VZ3CegxnBDPu1Cnpnbau+1AMKimDJ19y1Z0Pedf82t0iwd5ASc:BzBf7VZ3CXvDPuIpOu+SMoseOk2aiI2

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49.exe
    "C:\Users\Admin\AppData\Local\Temp\dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49.exe"
    1⤵
    • Adds Run key to start application
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2628

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2628-0-0x00000000025B0000-0x00000000025FE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2628-1-0x0000000010000000-0x0000000010018000-memory.dmp

          Filesize

          96KB

          Download