Overview

overview

10

Static

static

10

e63e3e2529...b8.dll

windows7-x64

10

e63e3e2529...b8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e63e3e252942e727a14c9b6feabd797a3e4352fa13f0dac80688ff6f4ab6e4b8

  • Size

    51KB

  • Sample

    240526-eyzbjaeg3s

  • MD5

    263353643eb95f6f9fa4741da9a702fe

  • SHA1

    8261f6631c97e9156654b7f0f9af7450336bf11e

  • SHA256

    e63e3e252942e727a14c9b6feabd797a3e4352fa13f0dac80688ff6f4ab6e4b8

  • SHA512

    f3e239d45dbe1701a2ee1476aa76f81193b6e281f8f0575ece643eebccb2cd08a719488ac3019b0b2a2cbb63487f64b31521a4a6b27ef8192c8de404cd8a84fb

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLaJYH5:1dWubF3n9S91BF3fbo+JYH5

Score
10/10
gh0stratrat

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      e63e3e252942e727a14c9b6feabd797a3e4352fa13f0dac80688ff6f4ab6e4b8

    • Size

      51KB

    • MD5

      263353643eb95f6f9fa4741da9a702fe

    • SHA1

      8261f6631c97e9156654b7f0f9af7450336bf11e

    • SHA256

      e63e3e252942e727a14c9b6feabd797a3e4352fa13f0dac80688ff6f4ab6e4b8

    • SHA512

      f3e239d45dbe1701a2ee1476aa76f81193b6e281f8f0575ece643eebccb2cd08a719488ac3019b0b2a2cbb63487f64b31521a4a6b27ef8192c8de404cd8a84fb

    • SSDEEP

      1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLaJYH5:1dWubF3n9S91BF3fbo+JYH5

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks