General

  • Target

    b016f7ce0dae5d2a7143924236d561cf5b2c1198b637bdd27314e8464ccff101

  • Size

    4.7MB

  • Sample

    240102-k4dvnsecbk

  • MD5

    5fd1bef10aee944b5ec2f1b4283ff0b0

  • SHA1

    5f128fd947e51708133a02ab312c113feabc2600

  • SHA256

    b016f7ce0dae5d2a7143924236d561cf5b2c1198b637bdd27314e8464ccff101

  • SHA512

    00a298e08c5298c9775749004aa77eba891f00d2e45a0356158ff9e909cb012bfa5af78d3ec3a66b514a833854c70cac4de1cfdc4c324710907ae12f773b8023

  • SSDEEP

    49152:eYREXSVMDi3tbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:r2SVMD8tbXsPN5kiQaZ56

Malware Config

Targets

    • Target

      b016f7ce0dae5d2a7143924236d561cf5b2c1198b637bdd27314e8464ccff101

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks