Overview

overview

10

Static

static

10

47358c472d...aa.dll

windows7-x64

10

47358c472d...aa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47358c472dcbb0c9e3b159f51eaf3856c03abfbe2abff0d721c99a5ea088bbaa

  • Size

    51KB

  • Sample

    240522-17vklaba76

  • MD5

    3d21ff350d69045d03394ef4a5bcc5d3

  • SHA1

    39a67c2ff143687f15563fbaa9d29907120d8dac

  • SHA256

    47358c472dcbb0c9e3b159f51eaf3856c03abfbe2abff0d721c99a5ea088bbaa

  • SHA512

    d2e0480e54c63596fcf0d089495413e6ffbde25cc585827cb5015c5dffe7db6903697388b9ba0e36f825e2f24033a3171115327c8a38c8b31386fcba2db1df97

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLeJYH5:1dWubF3n9S91BF3fboyJYH5

Score
10/10
gh0stratrat

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      47358c472dcbb0c9e3b159f51eaf3856c03abfbe2abff0d721c99a5ea088bbaa

    • Size

      51KB

    • MD5

      3d21ff350d69045d03394ef4a5bcc5d3

    • SHA1

      39a67c2ff143687f15563fbaa9d29907120d8dac

    • SHA256

      47358c472dcbb0c9e3b159f51eaf3856c03abfbe2abff0d721c99a5ea088bbaa

    • SHA512

      d2e0480e54c63596fcf0d089495413e6ffbde25cc585827cb5015c5dffe7db6903697388b9ba0e36f825e2f24033a3171115327c8a38c8b31386fcba2db1df97

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLeJYH5:1dWubF3n9S91BF3fboyJYH5

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks