Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 01:37
General
-
Target
0a4f25c6345f0c352d2d36adf41594be.exe
-
Size
484KB
-
MD5
0a4f25c6345f0c352d2d36adf41594be
-
SHA1
ff46ce4f7bad7ed6251e74f5609e2fb4dad10cf5
-
SHA256
6153b519a69fbaa9918813e49a817e748aa66bb4f623263b30a363e80e1ebe31
-
SHA512
fae817829a97985ab1e91c88febe675be8d5792fdbbc85d220fd75bf18553de732859f30dbf5e3deea7654a15295290b238e32dfc3ff7764f4c9d366785a7bf7
-
SSDEEP
12288:YM5HLC52oxL3aKHx5r+TuxPhNWwgsAO3oty:YM5HLC0w3aKHx5r+TuxPhpgpOmy
Malware Config
Signatures
-
Gh0st RAT payload 4 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a4f25c6345f0c352d2d36adf41594be.exe"C:\Users\Admin\AppData\Local\Temp\0a4f25c6345f0c352d2d36adf41594be.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\svchest479126447912640.exec:\Windows\svchest479126447912640.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
484KB
MD50a4f25c6345f0c352d2d36adf41594be
SHA1ff46ce4f7bad7ed6251e74f5609e2fb4dad10cf5
SHA2566153b519a69fbaa9918813e49a817e748aa66bb4f623263b30a363e80e1ebe31
SHA512fae817829a97985ab1e91c88febe675be8d5792fdbbc85d220fd75bf18553de732859f30dbf5e3deea7654a15295290b238e32dfc3ff7764f4c9d366785a7bf7
-
Filesize
273KB
MD5ee3c3daea8231d6772b2f5031282eabd
SHA1ee127ce8af53afa1121ba2ba0b87cbe109c63eea
SHA256066b2ae86f543d65bcca0bb357058938db2d55595fc81c88a2b48676482b3c73
SHA512349a95bec29ce3aa407afc679078669981c500fda5dceef38ca06e46519cae1c77f64ee4d8acee78c33ce2b60c9001b8ae2d71841967d9227e2e362405e3484b
-
Filesize
948KB
-
Filesize
948KB