General

  • Target

    NEAS.5fc8f026004845368e5882bcb79bf8c8.exe

  • Size

    348KB

  • Sample

    231107-r89apscd58

  • MD5

    5fc8f026004845368e5882bcb79bf8c8

  • SHA1

    f7d0e07fbb0542c9e09de4ed965450a250d03965

  • SHA256

    b9120806076c568398eb3e40fbf28184e7dda70006491a8cc9313164ebf725e8

  • SHA512

    486354b06ea4e22c7ceb5e5efcecd4ba4e7f97dc4d8847a58d1b41fa5270ca8590e73b0cbc7a1af47be369ffbae1c0e13f3418848988168748ee7037d74abbc6

  • SSDEEP

    6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0Su:ouLwoZQGpnedeP/deUe1ppGjTGHZRT0i

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Modifies Installed Components in the registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
