Overview

overview

10

Static

static

10

8d0d5840ee...10.exe

windows7-x64

10

8d0d5840ee...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 02:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8d0d5840eed23ebbb0b98d506cc73b4ce943e69e2f2ebcec56c33ddccab7f110.exe

  • Size

    28KB

  • MD5

    4acd2949f151f70aecd79c1246abc66f

  • SHA1

    d1ea4c1cd3317e8cae2c6de614b5550544740d59

  • SHA256

    8d0d5840eed23ebbb0b98d506cc73b4ce943e69e2f2ebcec56c33ddccab7f110

  • SHA512

    3871396c2e6246c24331a9f43489dce6134e465ef1d4f295327ab246cedcc05e2c00054e8652112d61a1776b087875a62140976b55136ec36788350da4195fb1

  • SSDEEP

    768:fl4zBK6ZAd42oZChNi2+dgw9qRR3GXphR4/Oh5k:fl4V2qChNPKqRR3GpT4/Oh5k

Score
10/10
gh0stratratupx

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d0d5840eed23ebbb0b98d506cc73b4ce943e69e2f2ebcec56c33ddccab7f110.exe
    "C:\Users\Admin\AppData\Local\Temp\8d0d5840eed23ebbb0b98d506cc73b4ce943e69e2f2ebcec56c33ddccab7f110.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1952

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1952-0-0x0000000000400000-0x000000000042D000-memory.dmp

          Filesize

          180KB

          Download

        • memory/1952-1-0x0000000000400000-0x000000000042D000-memory.dmp

          Filesize

          180KB

          Download