General

  • Target

    9bcfcc03ac9627704ee013dad6fb3242c4ad37c1224607eb46b094015c0fa34c

  • Size

    4.5MB

  • Sample

    240113-f7wsfachbr

  • MD5

    ab0352a810f64c8f60371e183719641e

  • SHA1

    9ca935abafb8064d1ca6c05ac6d3442183d507de

  • SHA256

    9bcfcc03ac9627704ee013dad6fb3242c4ad37c1224607eb46b094015c0fa34c

  • SHA512

    d39f93a0ac62ec15b09c4861c7c88641f80cb60f7544ef5fcfb408b307bb849b8b42be6671cf9e2bbb3c359f4db72459185406a29ed9def1aa56f6c69627e221

  • SSDEEP

    49152:OYREXSVMDi33bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:b2SVMD83bXsPN5kiQaZ56

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
