Analysis
-
max time kernel
214s -
max time network
162s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/12/2023, 03:47
General
-
Target
03bf3bc2965422d85c0b99f0e641af29.exe
-
Size
794KB
-
MD5
03bf3bc2965422d85c0b99f0e641af29
-
SHA1
82d0de1bd77a63a4ef1869095d484100b55184fc
-
SHA256
f853e3d2979b5dee2cc4c6ca3b07d85ae2892f4c8b90e7401cfcc58d2e8edffe
-
SHA512
0e7fe7bfcf858962e8cf230cb06a2fc24d77075e7002a5b63aad5ee7939f96df643e05afe3e60e52a9b5ef411ca3679f4cda25edce67994f44b9e4abd60aa950
-
SSDEEP
12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZKcA:iM5j8Z3aKHx5r+TuxX+IwffFZKcA
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03bf3bc2965422d85c0b99f0e641af29.exe"C:\Users\Admin\AppData\Local\Temp\03bf3bc2965422d85c0b99f0e641af29.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\svchest001465662051.exec:\Windows\svchest001465662051.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
794KB
MD503bf3bc2965422d85c0b99f0e641af29
SHA182d0de1bd77a63a4ef1869095d484100b55184fc
SHA256f853e3d2979b5dee2cc4c6ca3b07d85ae2892f4c8b90e7401cfcc58d2e8edffe
SHA5120e7fe7bfcf858962e8cf230cb06a2fc24d77075e7002a5b63aad5ee7939f96df643e05afe3e60e52a9b5ef411ca3679f4cda25edce67994f44b9e4abd60aa950