Overview

overview

10

Static

static

3

192eb3093e...cf.exe

windows7-x64

10

192eb3093e...cf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    162s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 11:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    192eb3093e6d5ae995718c2efe6251cf.exe

  • Size

    376KB

  • MD5

    192eb3093e6d5ae995718c2efe6251cf

  • SHA1

    d8389e8d5c4f5decb0e67ff852f1269485930bb4

  • SHA256

    e0414923c79418878319e06ca8403c097280e9668eb3cb1d3b54650bc46dc43b

  • SHA512

    0c8d809ed0cefbf7946a07de21f5ca1b9b5086b9be7003d1b93c3ebb33e1aed0f795f4fdc714a0185436386eead646093fd0d3c4a9685fd23254b19d8d64c36b

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphB:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRS

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 11 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\192eb3093e6d5ae995718c2efe6251cf.exe
    "C:\Users\Admin\AppData\Local\Temp\192eb3093e6d5ae995718c2efe6251cf.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1156
    • \??\c:\Windows\svchest425075242507520.exe
      c:\Windows\svchest425075242507520.exe
      2⤵
      • Executes dropped EXE
      PID:4236

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\svchest425075242507520.exe
          Filesize

          108KB

          MD5

          0a27db1325280b37243f7e1390df5703

          SHA1

          e47d46774c3c09a64bc4d77b415fa193dd72d5cd

          SHA256

          e256677642926c3cef2e9152b9fd36e891b96f9202337254a853b5a04212b6a9

          SHA512

          54ed926b552a8b541a1ec8e8e6d8e9ad0b675faff6f0e0b3a412a90291602aa1c94cf8bd0c3e0b0ee007e29445049d375546c2b2cc23bb2a635df30f56d6994e

          Download Submit

        • C:\Windows\svchest425075242507520.exe
          Filesize

          63KB

          MD5

          0d20b33efed7931894318ccd41225a7f

          SHA1

          56c2c19d59f2da4922baa9b44f0d90356f931cd4

          SHA256

          7156f6743304817bc64bd937ecc6a7aed939ec6586f7aa197dcf32486714f118

          SHA512

          3a420c1985e8b2cc0cd7ad2bef42514fafe23fcb15b9ea37446052e21dbff85379598f91b7e9062237b59dc2256f1686e1d5912da38b20b863bb512cdd9b1a13

          Download Submit

        • \??\c:\Windows\svchest425075242507520.exe
          Filesize

          119KB

          MD5

          76a1eaeea1996222de20a876aa9277c2

          SHA1

          c469a375bddcee7fc45420481826e9b7768408ab

          SHA256

          7ae02509ae55f44f7eb347f5d9e522bd02d05dcf9bf095ffa97928bbd6ce9ab3

          SHA512

          629d1ef35b6807523ed2c0edbfbd5712b4dc30b3166675134031e569ed4697f289dcbbda16aab4df4982685b826889e8280cf64d5815371d8c52925f405b6961

          Download Submit

        • memory/1156-8-0x0000000000610000-0x0000000000611000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1156-10-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-5-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-7-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-0-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-9-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-6-0x0000000000600000-0x0000000000602000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1156-31-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-11-0x0000000002380000-0x0000000002388000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1156-4-0x00000000005E0000-0x00000000005E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1156-2-0x00000000022D0000-0x000000000230E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1156-1-0x00000000022D0000-0x000000000230E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1156-33-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-3-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1156-32-0x00000000022D0000-0x000000000230E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4236-22-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4236-26-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4236-25-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4236-24-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4236-19-0x0000000002160000-0x000000000219E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4236-28-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4236-27-0x0000000002160000-0x000000000219E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4236-29-0x00000000021F0000-0x00000000021F8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4236-30-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4236-20-0x0000000002160000-0x000000000219E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4236-23-0x00000000021B0000-0x00000000021B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4236-21-0x0000000000400000-0x000000000054B000-memory.dmp

          Filesize

          1.3MB

          Download