General

  • Target

    13ac75cc8a0b19b0aaeb77ed62e3fcba

  • Size

    506KB

  • Sample

    231225-kz54csehej

  • MD5

    13ac75cc8a0b19b0aaeb77ed62e3fcba

  • SHA1

    497231f6d1fbd3f9a2550ba94e1798368c5a3c24

  • SHA256

    677c95630c76b429d08d79c829891451753ef61e0bf6f3b991c85c91b6a8c265

  • SHA512

    51d0d4184c8444eae920f63b2f9b4207a3ee071e1cc4b56f69a6d33c91ea3484a195a70b91f5704bf9f94c5c65c3bbc912c0ba7ac69478261a8ccbf0c4589ea9

  • SSDEEP

    12288:g08PKZVQQxfnr+TK7r79/J0NWNf37JcAayM5ahHj6:b8AVQQxfnr+TK7r79/J0ofrJEyM5ahD6

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
