Overview

overview

10

Static

static

10

b5aabb8fe8...6a.dll

windows7-x64

10

b5aabb8fe8...6a.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5aabb8fe84bb0c601d042985624e3b51b044a2ec0efb316a30cc499009c746a

  • Size

    51KB

  • Sample

    240525-xm9l8seh89

  • MD5

    1834b142de54adce132158670ebfa461

  • SHA1

    d01cdb1093e4052d683c5b9df32c795d28f081e7

  • SHA256

    b5aabb8fe84bb0c601d042985624e3b51b044a2ec0efb316a30cc499009c746a

  • SHA512

    7ff71e7a84f591aa58f1afea29afe0f159506f633cb0f5565150d1df77e53c0ff11742c3481e75cee02e71d4a08dffcb718fe31cbb2fc41bdfc0e1a7ce8f0809

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frQoLfJYH5:1dWubF3n9S91BF3f8oLJYH5

Score
10/10
gh0stratrat

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      b5aabb8fe84bb0c601d042985624e3b51b044a2ec0efb316a30cc499009c746a

    • Size

      51KB

    • MD5

      1834b142de54adce132158670ebfa461

    • SHA1

      d01cdb1093e4052d683c5b9df32c795d28f081e7

    • SHA256

      b5aabb8fe84bb0c601d042985624e3b51b044a2ec0efb316a30cc499009c746a

    • SHA512

      7ff71e7a84f591aa58f1afea29afe0f159506f633cb0f5565150d1df77e53c0ff11742c3481e75cee02e71d4a08dffcb718fe31cbb2fc41bdfc0e1a7ce8f0809

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frQoLfJYH5:1dWubF3n9S91BF3f8oLJYH5

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks