Overview

overview

10

Static

static

3

fec9a4cd24...ae.exe

windows7-x64

10

fec9a4cd24...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fec9a4cd24f81b28f104aae1c9622201ee714fc4f167af2d8251d30d1b6be1ae

  • Size

    4.6MB

  • Sample

    240526-h8ge9aca96

  • MD5

    d2b23780758c2866b005e51c44794bfd

  • SHA1

    ab872ea48cffa6e37aea15ae68eef94f8cba36fc

  • SHA256

    fec9a4cd24f81b28f104aae1c9622201ee714fc4f167af2d8251d30d1b6be1ae

  • SHA512

    5a423a45471c778c16b60444fbeb642694af4e11c381aa3e4a85c03e6a4f032f0019798ecc7b3129f5de1812b2261ed1013cf7a7f67a073f5002517a0a9967f9

  • SSDEEP

    49152:9YREXSVMDi3LMbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PL:S2SVMD8LMbXsPN5kiQaZ56

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      fec9a4cd24f81b28f104aae1c9622201ee714fc4f167af2d8251d30d1b6be1ae

    • Size

      4.6MB

    • MD5

      d2b23780758c2866b005e51c44794bfd

    • SHA1

      ab872ea48cffa6e37aea15ae68eef94f8cba36fc

    • SHA256

      fec9a4cd24f81b28f104aae1c9622201ee714fc4f167af2d8251d30d1b6be1ae

    • SHA512

      5a423a45471c778c16b60444fbeb642694af4e11c381aa3e4a85c03e6a4f032f0019798ecc7b3129f5de1812b2261ed1013cf7a7f67a073f5002517a0a9967f9

    • SSDEEP

      49152:9YREXSVMDi3LMbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PL:S2SVMD8LMbXsPN5kiQaZ56

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Sets DLL path for service in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks