General

  • Target

    0c70f5ab964d269b5855ea32895cef35

  • Size

    58KB

  • Sample

    231230-dksq6abed9

  • MD5

    0c70f5ab964d269b5855ea32895cef35

  • SHA1

    a5422a5f03246c85100f848ab5d9b947213048d1

  • SHA256

    ca3050ca80b8f7b8a83e9ed03c3dd294a0af8413e8ad2eb789c5fc79e5e8b32a

  • SHA512

    5f63c4c9754ca50c7e61f0c1ae95d4f03514b7d2ca8dfdb4a06d257324ae1ce03c1ed6796301672d8795fde3bfda6f7e34228afefc6303c0d32f55b870a27ce0

  • SSDEEP

    1536:gYSpDY3Io8IUqCgOdWMXfM2jM5UTJ3WSJ8OTcMo:gYiEYo8vqCTYBPU93WSJ8Om

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks