General

  • Target

    NEAS.42b86f192d5f944b5f7458e81fe8a2d0.exe

  • Size

    348KB

  • Sample

    231116-jkbqjagb93

  • MD5

    42b86f192d5f944b5f7458e81fe8a2d0

  • SHA1

    d2816bb13258cff33ed8fd9c653f51883090dc86

  • SHA256

    67b16ba806e1bef2b9ea4e0c3ee17997c6f026f2737656ea67848ffe3c407858

  • SHA512

    7fb1378f7dc6f937dfb17886593786f5141295a1ebf1cef2b3e84182e2b1f142700947be4e027c62f1d486b4b11f4bf0870b0d42257bba01b14e14fc5c89d9e9

  • SSDEEP

    6144:MJueTkwOwoWOQ3dwaWB28edeP/deUv80P80Ap8UGwoTGHZOWJkqd0K4rG7eVT0SH:ouLwoZQGpnedeP/deUe1ppGjTGHZRT0z

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Modifies Installed Components in the registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
