General

  • Target

    5bd71b0446f3afa9da3f29c206701f94

  • Size

    690KB

  • Sample

    231226-h2j8kaagfk

  • MD5

    5bd71b0446f3afa9da3f29c206701f94

  • SHA1

    e6ecf7bc096eb7c6367c72162a7e5d18d87f50e6

  • SHA256

    3ebfb0085c6926150f9e7d4a3c046b120dcf32b3518a254d758aac7f4c1c9f7d

  • SHA512

    e4d6c0eaae958b21c47bf3808ccc700909d76753a452b69372f24f954faa9eb767e2d0f56d9dafae3010c8929d97acae6e449ce9cef3b4f19c96b14d1f8c3f78

  • SSDEEP

    12288:m/eC0vZVQQxfnr+TK7r79/JenWAG36ATphjM5Bf1:m/XwVQQxfnr+TK7r79/Je3GqArjM5Bf1

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
