General

  • Target

    2024-02-19_537fc4fd0308fa48f6ff8565446983be_mafia

  • Size

    1.9MB

  • Sample

    240219-bf2gdsgc5z

  • MD5

    537fc4fd0308fa48f6ff8565446983be

  • SHA1

    88f1da61ad5b13a82f8fdbefefbd0583cf337e15

  • SHA256

    6e1aa1a73830b30b12eb4fb67a6977f4e4818eefd01048c7d9e9df53e82fe2d2

  • SHA512

    c66790f9c9d7bdba65d9290bfb6e5a1e2373f64ccb281a5a699bdec2c58426d3e978e8628fd0bde08058293cfaecfb0224e23f7f6ea5522b1dbad2626e3286f8

  • SSDEEP

    49152:XZLB4CgdSv2133M+vQ80O4nlgb7b2bCzrboqm0biyMEw4sk9DX3DLB:f4CgdSv2133M+J0jlgb7b2bCzrboqnwC

  • Score

    10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
