Overview

overview

10

Static

static

3

21928a656c...35.exe

windows7-x64

10

21928a656c...35.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21928a656c364e11b3ed14f483a1ab409e0e4940d958f493482bb294d64d1935.exe

  • Size

    1.1MB

  • MD5

    888a02b5fd45cb9cc5b42463fe862f24

  • SHA1

    d1d447dc8820b126d04c69bdc259d0ba2cb56de4

  • SHA256

    21928a656c364e11b3ed14f483a1ab409e0e4940d958f493482bb294d64d1935

  • SHA512

    593bdac019f0b5805638b1fbbe863011d5505c6a1e9d083654e10720bad7dec9e9465c06ab6180e7664d785963185fb7b47f5669ef48776691da606d5f5b9802

  • SSDEEP

    24576:eNBC4UkXXIoOda/ESxBRlfVnj8PDVj4rJOYt9OA5H1vbndKp:KUkXSa/EmBLfVnoPZcrsY3OAHjd6

Score
10/10
gh0stratrat

Malware Config

Extracted

Family

gh0strat

C2

154.22.235.79

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Suspicious use of NtSetInformationThreadHideFromDebugger 26 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21928a656c364e11b3ed14f483a1ab409e0e4940d958f493482bb294d64d1935.exe
    "C:\Users\Admin\AppData\Local\Temp\21928a656c364e11b3ed14f483a1ab409e0e4940d958f493482bb294d64d1935.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Enumerates system info in registry
    PID:340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/340-0-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-1-0x0000000075C50000-0x0000000075E65000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/340-3875-0x0000000076E10000-0x0000000076FB0000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/340-5884-0x0000000076170000-0x00000000761EA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/340-13069-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13070-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13071-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13072-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13074-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13075-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/340-13076-0x0000000010000000-0x0000000010015000-memory.dmp

    Filesize

    84KB

    Download

  • memory/340-13079-0x0000000000400000-0x0000000000584000-memory.dmp

    Filesize

    1.5MB

    Download