General

  • Target

    3f8d1b2c7c44e67db8982baa35f7eeeb2d009f2e2d82e9d2011be373e3f8dec9

  • Size

    165KB

  • Sample

    240423-qn9kasgf2s

  • MD5

    798449b0645ed3dc07ff41ec4f62380a

  • SHA1

    3d136e41a8dbd4192a4dfa20c7a69d6e159575ff

  • SHA256

    3f8d1b2c7c44e67db8982baa35f7eeeb2d009f2e2d82e9d2011be373e3f8dec9

  • SHA512

    329ce5d596bfdbaa70c9982b510aeae0dc54125f662208577cd0bac47fd4d1d819ab03bf9f169892ff8f06775013e84acc39442f0634dd69ebd9519b64e75ab5

  • SSDEEP

    3072:LUDBHy4BBy6eFJrmmIewRxM6JSQTqGd4Pwc3q:L0yB6oJrcRZQcqGywq

Score
10/10

Malware Config

Targets

    • Target

      3f8d1b2c7c44e67db8982baa35f7eeeb2d009f2e2d82e9d2011be373e3f8dec9

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks