General

  • Target

    1e3ee82433fb751610e4ebf187257ab1

  • Size

    99KB

  • Sample

    231230-176b4adbe7

  • MD5

    1e3ee82433fb751610e4ebf187257ab1

  • SHA1

    790dcb72a80a9981b857408a9da0d557cb246062

  • SHA256

    cb76752144c281be0862a0e87bbade83ba2c6a50789086c9972dc1dde6fd8ba5

  • SHA512

    d153b26941efbbb444e0cb2223e9a03ebda4bcab18c38c1e6142d040f6b9f0e606880b42904f4ef0dc349e9d3e28265fdb2afe16c62eb8c06fdde02d0d16257d

  • SSDEEP

    1536:yFo6En8vDuUvJcHEl4c8vUmTJ8L7B5YJBFUadcdIZuslESrUVnmjv73PYKtl3gCr:Eo6E8vJZJ8cmd/JBNZu+zamjDAbE

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks