General

  • Target

    3b9b91a85df0dc923051495250cf6ceed889fc6c72741f09619ac17788fa3fff

  • Size

    988KB

  • Sample

    231120-teg1gahg6x

  • MD5

    8f549f8b9e07e9f02d68522719da26b0

  • SHA1

    e9d345e3d36d142c622509694848ae280db26757

  • SHA256

    3b9b91a85df0dc923051495250cf6ceed889fc6c72741f09619ac17788fa3fff

  • SHA512

    350120759146313603eb0c99fe809be266c9430087c4d71157185503a09d000682dc86d2064ca24dba8c072d0486ffebeb9e0838f60474cb8f4ba8df9b7eb746

  • SSDEEP

    24576:EDYHxjb/dubakfXQDWJ8xg69vqbOMixbFP+MU47/+IuUf81kQRYDBV:EDYHxcZACixg69SbnKGx47WSfkkQRYDz

Score
10/10

Targets

    • Target

      3b9b91a85df0dc923051495250cf6ceed889fc6c72741f09619ac17788fa3fff

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
