Overview

overview

10

Static

static

3

f5779045a4...bc.exe

windows7-x64

10

f5779045a4...bc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 10:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f5779045a4f8a31b8604d2c759ce710f217b99415ed57689c2b3f9946d8462bc.exe

  • Size

    1.0MB

  • MD5

    b7f7eccc38bd334fd00d2e7d2f4b9c8f

  • SHA1

    7e5f9d367a3848c0ee1db0078c27083da6e96291

  • SHA256

    f5779045a4f8a31b8604d2c759ce710f217b99415ed57689c2b3f9946d8462bc

  • SHA512

    f8fbfc08d633b0739326491c96189c7cef4652f5bd2a12130c142174033f3623e74e53be1343dc4184d281133d53f3d9f1b20516e9d9cdb9728982a3d593c339

  • SSDEEP

    12288:6De4Fy/UQ0Vmu+X5IGasus/hP4ixLz1i7G8v4jKmU94XvOPE5XJl0TftFadFbBKi:6BA/rdIGaRaB4ixLqvehU94Xr5XjGar

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 34 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5779045a4f8a31b8604d2c759ce710f217b99415ed57689c2b3f9946d8462bc.exe
    "C:\Users\Admin\AppData\Local\Temp\f5779045a4f8a31b8604d2c759ce710f217b99415ed57689c2b3f9946d8462bc.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1848

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1848-0-0x0000000000400000-0x000000000056F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1848-1-0x0000000077040000-0x0000000077087000-memory.dmp

          Filesize

          284KB

          Download

        • memory/1848-812-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-814-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-816-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-818-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-820-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-822-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-826-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-828-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-824-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-832-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-834-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-830-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-836-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-838-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-840-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-842-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-844-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-846-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-848-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-850-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-852-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-854-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-856-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-858-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-860-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-862-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-864-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-866-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-868-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-870-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-872-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-811-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-2552-0x0000000002100000-0x0000000002281000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1848-8686-0x0000000002290000-0x00000000023A1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1848-8693-0x0000000000400000-0x000000000056F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1848-8699-0x0000000000400000-0x000000000056F000-memory.dmp

          Filesize

          1.4MB

          Download