General

  • Target

    2a9d135321718a4310e58e243b8df54f89233446437d1e630b96546bc753c649

  • Size

    1.2MB

  • Sample

    240108-fpzrdabfap

  • MD5

    4b7f20d5148fbb64c1585c100f79b465

  • SHA1

    91d61b7f87fcc4a21be8439def2540bc73bcb518

  • SHA256

    2a9d135321718a4310e58e243b8df54f89233446437d1e630b96546bc753c649

  • SHA512

    1bf281f1fddedfc98bd7e94dd5680106f6e77b58e4c507c0a273d2bf9030d68f4a0e9256337f797feb25e5991c270a7cfee4844cc7530615dc5bd8bba13d96a0

  • SSDEEP

    24576:9YFbkIsaPiXSVnC7Yp9zkNmZG8RRln8yzDOc:9YREXSVMDi3ff

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks