Overview

overview

10

Static

static

3

fbcc1ad4ff...12.exe

windows7-x64

10

fbcc1ad4ff...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbcc1ad4ff00419232dc85f007abb0763f82d00b086e9958f2d02dc37b266812

  • Size

    1.6MB

  • Sample

    240525-x5lccsfg66

  • MD5

    a3cc6da61c8e5895483552461ab78463

  • SHA1

    84b530f2931ee02dfc4891fadb481db49f5b7071

  • SHA256

    fbcc1ad4ff00419232dc85f007abb0763f82d00b086e9958f2d02dc37b266812

  • SHA512

    0fccf6f8795755254474934c69a0406a3add1ec6b6f77c274d53cafc77094662914618c452bc4318d8d6fde448359d248418be664372df11c55671ffc88fbdfc

  • SSDEEP

    24576:gYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9ByzHTqfa14:gYREXSVMKi3Gqf5

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      fbcc1ad4ff00419232dc85f007abb0763f82d00b086e9958f2d02dc37b266812

    • Size

      1.6MB

    • MD5

      a3cc6da61c8e5895483552461ab78463

    • SHA1

      84b530f2931ee02dfc4891fadb481db49f5b7071

    • SHA256

      fbcc1ad4ff00419232dc85f007abb0763f82d00b086e9958f2d02dc37b266812

    • SHA512

      0fccf6f8795755254474934c69a0406a3add1ec6b6f77c274d53cafc77094662914618c452bc4318d8d6fde448359d248418be664372df11c55671ffc88fbdfc

    • SSDEEP

      24576:gYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9ByzHTqfa14:gYREXSVMKi3Gqf5

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Sets DLL path for service in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks