Overview

overview

10

Static

static

10

cb17aa3019...be.dll

windows7-x64

10

cb17aa3019...be.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb17aa3019cf3f9e3532cf8c1acb33a42cdd61ac37c0da54c49a48f8b68a05be

  • Size

    899KB

  • Sample

    240526-dg573sdc37

  • MD5

    1ad0fb3b82f45cd954a77e1045b4d550

  • SHA1

    6c8d40f62846bd7d8f92c9059653c8607b50f5b2

  • SHA256

    cb17aa3019cf3f9e3532cf8c1acb33a42cdd61ac37c0da54c49a48f8b68a05be

  • SHA512

    4b4a9af7351e18ad858c4447015e9cf725854d5820d5cb0f18011111af0ed899f735c4dc22cdec8b6f1506d86bef64d2166ba2ae4ff29981f32ea0f80444d171

  • SSDEEP

    24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXJ:7wqd87VJ

Score
10/10
gh0stratrat

Malware Config

Extracted

Family

gh0strat

C2

hackerinvasion.f3322.net

Targets

    • Target

      cb17aa3019cf3f9e3532cf8c1acb33a42cdd61ac37c0da54c49a48f8b68a05be

    • Size

      899KB

    • MD5

      1ad0fb3b82f45cd954a77e1045b4d550

    • SHA1

      6c8d40f62846bd7d8f92c9059653c8607b50f5b2

    • SHA256

      cb17aa3019cf3f9e3532cf8c1acb33a42cdd61ac37c0da54c49a48f8b68a05be

    • SHA512

      4b4a9af7351e18ad858c4447015e9cf725854d5820d5cb0f18011111af0ed899f735c4dc22cdec8b6f1506d86bef64d2166ba2ae4ff29981f32ea0f80444d171

    • SSDEEP

      24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXJ:7wqd87VJ

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks