General

  • Target

    neonsign.zip

  • Size

    2.3MB

  • Sample

    240116-kmp7dagcfj

  • MD5

    7130062e72a787dae97c7a1d8d55dcb3

  • SHA1

    5bbf8e7000d046eda2ec803611754c8d12b8ba83

  • SHA256

    75f785ffbadc7cc740bde0ed0c60159b1d380e203963228b5da20a94d4aa4a36

  • SHA512

    51ebeaf136c35e83b85c70c30d0d6336a68d310519692be83dc124549364d3f57951778ad02ffc97e96b73032a3b1112b7d4df3d84dfd4dc4324f5d21919a25f

  • SSDEEP

    49152:vqFGBLGhZfhbgsdWwfte+Z2UAgi8JSmbeIvel:STvJgsdWwUWtb7Jg

Malware Config

Extracted

  • Family

    gh0strat

  • C2

    47.76.161.35

Targets

    • Target

      (?)#Androm-CGfxListView.exe

    • Size

      152KB

    • MD5

      e2a3695183a53cf01c5fee5dd13afb45

    • SHA1

      fb730909a89480728d243782558828d624089974

    • SHA256

      894007e5d07de82a13d1ce44ddefbffcfb790d410e5fe01c7e04deb7e5b8464b

    • SHA512

      2df11dbf31394a176eaa9277c1c61062e9a785e90ad89d714fa1eb2bfae98e91b57060b75d000eda64082e588d8b963f0a11a2df063f6cd0e8760fb744061823

    • SSDEEP

      3072:wf4Zp1MIrIf4lO6VogYx4q+wZoCXiZxnLRmEj:LZpyIrIw1q+kPUL

    • Score

      7/10

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      koori.exe

    • Size

      9KB

    • MD5

      0162ec0da9b029460e325b7b68d8cf31

    • SHA1

      412f6cbde7b5dcb14114f5fb96764d3ba52118e5

    • SHA256

      9b1f69c467acd244144b6a52a2e9063b25b4ded4b96a9845ab043fbd354531d1

    • SHA512

      218f570021b2fae8717df5d4acde3b45f3bab7fcf78ff7cb8f3d70ac37e06d066ee566aa5ef6a11b6a2644165961bebf8f2d7f305ce55be0b3d85db7f7d040ed

    • SSDEEP

      192:COp/kxZ5h2xeqprlU6kZ01lZGOXDVqcR1z:CO5kT5oeqprlUvulDVLR1

    • Score

      10/10

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      meow.exe

    • Size

      3.7MB

    • MD5

      678f94cd567504b5abe86945b6853597

    • SHA1

      a50b572e1cf2d1ac850446b6d585ef6896212054

    • SHA256

      eb171728a9c81a6d2df309353409e9e71bb61561141ec13e66352b196656defa

    • SHA512

      370eb393b367b30ce8bd200777b651613dd11bd4768cc39ca11debc5f93865aa002501796396be24c7eb8947b2e3e945777397ad6ba0bad7d60f411f362069f8

    • SSDEEP

      49152:TV5econWgqDvCts/n1xHlPQTTN3IihvEF6Y4Q7jB2Xp/Td8h2OOm8CeZas5YtYQk:GqD03IfF6Y4Q8VW8daJaLz7

    • FatalRat

      FatalRat is a modular infostealer family written in C++, first seen in June 2021.

    • Fatal Rat payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      srodus.exe

    • Size

      152KB

    • MD5

      a9611e59f5b26530f2f0b63da3847228

    • SHA1

      e8ebf8efd94b42f0578392483d88aa237d261543

    • SHA256

      e45438fb72a822ad3f3d1578bcbcc88e1f66d14ca6c3b6a620812d6191ed343d

    • SHA512

      e9b8a0ad66e03d87bb5b4fd89ffcdce5879cc3724290aeda4e85620611681d7311dcfea685cfb574d34732daa8417607a3b769a5839b01846377595a67ed74fd

    • SSDEEP

      3072:wf4Zp1MIrIf4lO6VogYx4q+wZoCXiZxnLWmEj:LZpyIrIw1q+kPUL

    • Score

      7/10

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks