Overview

overview

10

Static

static

10

NEAS.0acc8...JC.exe

windows7-x64

10

NEAS.0acc8...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    170s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 17:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.0acc837c802111544148c6a78ab9f050_JC.exe

  • Size

    196KB

  • MD5

    0acc837c802111544148c6a78ab9f050

  • SHA1

    6e850d1eb77070cce1f72ec9a4856c406eb9f89a

  • SHA256

    79200d33f9dd30f8a15c7957158ca1402cb62a126797f3533cc67b81218f0840

  • SHA512

    dc38a56624e37d44afc1ac61be1b540c6c86b5d0214faeceff63ed34a20020bb3e41e1fa2bcda58b32ea36f14595e87779d908675de0ccdd52bcae2e5064b033

  • SSDEEP

    3072:s6ixrcYyNNBxIf58d6UuSMhXk22T94oz7vEEZzcEtJO7Ri+lxBvby6MX09:sbANBxIxh0u4TSg7vECzcK07RpPp3

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 5 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.0acc837c802111544148c6a78ab9f050_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0acc837c802111544148c6a78ab9f050_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4932
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4760

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\647000.dll
          Filesize

          133KB

          MD5

          ade1a0eeeb10d2cc909181aaf217be88

          SHA1

          15902ba3709ad0b8ddc7a73b36b4a3e40ecc49c9

          SHA256

          7cab00f628545e45670cc2983749f4de52562c39280447be1fdb4b0dff84bc61

          SHA512

          18ddc4024fca3447df810f9593bba350d845e340d3f3d56dcefd28618116021313f7962174f68de42e7bfc44b3483089f50638456bfdaaaa70f12a08297277b1

          Download Submit

        • C:\647000.dll
          Filesize

          133KB

          MD5

          ade1a0eeeb10d2cc909181aaf217be88

          SHA1

          15902ba3709ad0b8ddc7a73b36b4a3e40ecc49c9

          SHA256

          7cab00f628545e45670cc2983749f4de52562c39280447be1fdb4b0dff84bc61

          SHA512

          18ddc4024fca3447df810f9593bba350d845e340d3f3d56dcefd28618116021313f7962174f68de42e7bfc44b3483089f50638456bfdaaaa70f12a08297277b1

          Download Submit

        • C:\647000.dll
          Filesize

          133KB

          MD5

          ade1a0eeeb10d2cc909181aaf217be88

          SHA1

          15902ba3709ad0b8ddc7a73b36b4a3e40ecc49c9

          SHA256

          7cab00f628545e45670cc2983749f4de52562c39280447be1fdb4b0dff84bc61

          SHA512

          18ddc4024fca3447df810f9593bba350d845e340d3f3d56dcefd28618116021313f7962174f68de42e7bfc44b3483089f50638456bfdaaaa70f12a08297277b1

          Download Submit

        • C:\Program Files (x86)\Iefg\Nefghijkl.pic
          Filesize

          7.6MB

          MD5

          0327ce360afc2c31a1b1fae8f5864692

          SHA1

          d63e3b8e3abb2f755664df7bee7261fb9f7be278

          SHA256

          c1dad75e994e3cd8d4ad6ab71cae1fbf52a31165c2c8b797be3121591f7384cd

          SHA512

          d379a2a1f22a62c5932b571560661132e246923dbffc51484f090e17f94d9b9ec074014b91733f67dd54a0de0004b95d3068bdb871b417ba00d2560d6f2dd2ed

          Download Submit

        • \??\c:\NT_Path.jpg
          Filesize

          92B

          MD5

          222c1dc09918e373bba4aabebc62fc2f

          SHA1

          41b7d4ea3a88b23fadc74b692d50b627986e9296

          SHA256

          f3a2b2c30865c040d624e29a474061fde11d889b261e203bbbb60bbbb41f15e5

          SHA512

          ceb6b7e8ea685be81f86c0a48704e22c20fc112c47df4307c7a6f32717faf40ad4a76473328d6cd5787285ffa7867dda59f768fa39ae0b95ca04d7752d51c423

          Download Submit

        • \??\c:\program files (x86)\iefg\nefghijkl.pic
          Filesize

          7.6MB

          MD5

          0327ce360afc2c31a1b1fae8f5864692

          SHA1

          d63e3b8e3abb2f755664df7bee7261fb9f7be278

          SHA256

          c1dad75e994e3cd8d4ad6ab71cae1fbf52a31165c2c8b797be3121591f7384cd

          SHA512

          d379a2a1f22a62c5932b571560661132e246923dbffc51484f090e17f94d9b9ec074014b91733f67dd54a0de0004b95d3068bdb871b417ba00d2560d6f2dd2ed

          Download Submit