General

  • Target

    142ae9fc5dc578ced96a4032ed4e7920

  • Size

    489KB

  • Sample

    231225-k9en6ahbg4

  • MD5

    142ae9fc5dc578ced96a4032ed4e7920

  • SHA1

    0239455c9c45cb80bc6e3c715da02ed9316406f8

  • SHA256

    5843b9a919f467b03232175d908ff88a8bb3e0c1dd8ef692489e6b9bcd5fe5e2

  • SHA512

    e87c703140bd555015cbf32a03671a6b0274c5421d82dcee79ac5b2fa1116a6bfd179de2930d46d4d1fefd2b4f5f82d184c98d0666afecb1ad4299f3a34205f3

  • SSDEEP

    12288:+08PKZVQQxfnr+TK7r79/J0NWNf37JcAayM5ahpnf:p8AVQQxfnr+TK7r79/J0ofrJEyM5ahxf

Targets

    • Target

      142ae9fc5dc578ced96a4032ed4e7920

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
