General

  • Target

    1fce8b9f38fcc8ba94217892687dd2663a450fb120f12bbc520865b7055742a7

  • Size

    3.1MB

  • Sample

    231016-kymkmafa66

  • MD5

    afda95541d982e00709ed9d5e3b67d41

  • SHA1

    ffc360180e44a92a7faa6a996028f33701b5e6b1

  • SHA256

    1fce8b9f38fcc8ba94217892687dd2663a450fb120f12bbc520865b7055742a7

  • SHA512

    f10acc956fe2d50547edf24d763ceea4bc66fa801545068adadc1c7765896d45d4e2ada253413453d60266382a0cf8dcc33a8663215cd8225cdd428d9776f5f7

  • SSDEEP

    98304:LFBpdAoM5C3Vz6+OYT5Z+ljDKEjJH5BNFFnWoEaa4OiZrq1DfPHNADtV6v+m:hBpmUVz9n+ljx7nWoEr4O7NADtV6v+m

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks