General

  • Target

    ab29c757d33926666e100616d1c7c4c0

  • Size

    116KB

  • Sample

    240228-gm2zdscg86

  • MD5

    ab29c757d33926666e100616d1c7c4c0

  • SHA1

    c738819e060055d37883f31d873432abdf0bb6d7

  • SHA256

    9f9441445790e2b9c7a17b3664a2c11edcf65e711dc633b0387564683d127948

  • SHA512

    1e9e8e77a325b1463ecb04e94a0d41263a904336270beee9d68b2eeb7d7336f857284b3237ca438ded81c5e43509d2d913dd9e95f10ba180905a65d1678b729d

  • SSDEEP

    3072:lb8oq/FWQDxX9Rf/bUH9B18vrsKoks4KOxqodjIezi:lgoJexrS9j0YKTs4KOx3jIezi

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks