General

  • Target

    260209cefc32912207ec3f23fdd66b3b3442c8d25db0fc0c7cd2957da3e2d897

  • Size

    2.7MB

  • Sample

    240526-kb6pzscd2s

  • MD5

    b8a4c7f25256c11bcf931b1c31662912

  • SHA1

    a02f2de4f195839b50728f1a116a8751c3895e8e

  • SHA256

    260209cefc32912207ec3f23fdd66b3b3442c8d25db0fc0c7cd2957da3e2d897

  • SHA512

    b6136527b8b30e61951f9e4d3ccd192872938ba707a282d740e0065fb99372a0838fadb7531f8efcd969ec4cae50a9ab3185f0112d903d3fd7e22a7b540ea399

  • SSDEEP

    49152:iYREXSVMKi32qff+XGwv2tP1zTPADnWPMklKu8bi4O8b8ITDnl13S:H2SVMK82qff+Wwv2tP1PPknK

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
