General

  • Target

    fa166fc0fcb0dbb98bdeb60c340c54b1999d25180b392adad7141efeafe52b5b

  • Size

    51KB

  • Sample

    240525-vtxj5sbf41

  • MD5

    dfa172a5a0cd1b2ad4be32308cb10477

  • SHA1

    4a507d49bad5f937139dac6485d2bd8488f3b0e3

  • SHA256

    fa166fc0fcb0dbb98bdeb60c340c54b1999d25180b392adad7141efeafe52b5b

  • SHA512

    62cf0a29330e701214775d16a71b167f312e04290dd0f951dc838e61d8094019d9cf5d74adb32cfb2b9181f8e86869781e7693c69610c22ca466b877e54b0e9b

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frioLTJYH5:1dWubF3n9S91BF3fuoPJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      fa166fc0fcb0dbb98bdeb60c340c54b1999d25180b392adad7141efeafe52b5b

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.
