General

  • Target

    ae0e44afbfd5f450f7a5f0dae68869163d469cf56c836b7c4f2f7866ccb1b5a4

  • Size

    600KB

  • Sample

    240103-q5mrvsgdf7

  • MD5

    5139ade75af37250e97b19f76a532621

  • SHA1

    94e76438bca9b7786e917b344f7cce319eb53f34

  • SHA256

    ae0e44afbfd5f450f7a5f0dae68869163d469cf56c836b7c4f2f7866ccb1b5a4

  • SHA512

    1ef0e4c8f4ec46146c2de88b40d25ba43ac76437de81458cffae87fa5a8030b4176a3d4e59470066318d8fcf9cb0aeeebda6c4c9d51b721af5dbeca22c6e8c7a

  • SSDEEP

    6144:8PIP+niD5Gcc8419jmjA3c8lDPj2DLxrj61wW1wNE1wUzA:8P3iw8yaA3c8VGxvmH44n

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE
