General

  • Target

    44c3e4e9bfd65d58e0dbf49a7c343794ff05cbef00266820e8e92917949e2898

  • Size

    1.4MB

  • Sample

    240526-g5tezaaf49

  • MD5

    75a7defce549f51b003075db00f00b8c

  • SHA1

    25bf5c1dcf57e249dbb36c8a966627e2ec6a6cc6

  • SHA256

    44c3e4e9bfd65d58e0dbf49a7c343794ff05cbef00266820e8e92917949e2898

  • SHA512

    876d9bc44f2c581c94684f746b44a4bb5fadb25123758a7a3ee554e94047b322454eae4b996cfd886f982aaf8626b8f3f76b41217dfa8daf8d51440ba4d5ddf7

  • SSDEEP

    12288:UkPSMdzLMPWNHftVFkRaveiBVx3JXJ3TLHvsicK4MqtU7e5oZRgkkm69XlnnfQsv:LP/dXMwxkRmqt7oZC/wnX5GKz8co

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application
