General

  • Target

    544e64ca28e335d6b4e51c4b437550c3524734f17c738fdafc6e493577f98de1

  • Size

    51KB

  • Sample

    240525-yydjlshc52

  • MD5

    9bb4d5012ea1222812d3bf0755dbe36c

  • SHA1

    50481e265c11ed46aac5e7487da59dafee0edf71

  • SHA256

    544e64ca28e335d6b4e51c4b437550c3524734f17c738fdafc6e493577f98de1

  • SHA512

    2efac20af082c21cd64768863d0675a05a330919e1b1922ee8cb8a4160e4d1e1f1496a4f904ca544ff1b069cb034cd208fe7a7fb80cba5fa5b3ba7480c48b4a7

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLYJYH5:1dWubF3n9S91BF3fbokJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      544e64ca28e335d6b4e51c4b437550c3524734f17c738fdafc6e493577f98de1

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.
