General

  • Target

    1811e461767ca3de358ef321e0a864d8

  • Size

    741KB

  • Sample

    231224-23jszaaabl

  • MD5

    1811e461767ca3de358ef321e0a864d8

  • SHA1

    881915df35a7a83102632552138f8ef718d1b04a

  • SHA256

    29f69d13328efbd0dac5b0a3d2c8d44230a707429dba5bded6a646b16d8649fb

  • SHA512

    8cc0362040a8a1c43822951e0f2b728be4cd2a695c955c20e24ddf3a56a18d8651ce8cbe602750da81c70d15f7fbcb43b140312ae4016be59424e86f653a43a5

  • SSDEEP

    12288:jt0VPFfsKAkrbPlXhHANUTNqmkTHANUTNQ:SFksb1AmkA

Malware Config

Targets

    • Target

      1811e461767ca3de358ef321e0a864d8

    • Size

      741KB

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
