General

  • Target

    545c41db25884341f8ecb0a8b50fe3b91c82bf344273da511156e85466dd39da

  • Size

    1.2MB

  • Sample

    240526-m7xhasgb2z

  • MD5

    b94fcd071be452b5389a91b21b497e84

  • SHA1

    1554edc69db85077a25e2bfdcca358bf1d32f9d1

  • SHA256

    545c41db25884341f8ecb0a8b50fe3b91c82bf344273da511156e85466dd39da

  • SHA512

    bc9cb8a3a2a21d966cb4e0a391328f720fc46bd5ac605a9ff0937f9e8899b85560b79a781956511c7a12b22a2c29eaa5b1298b361bd8f2b700ece9a880d56fb3

  • SSDEEP

    24576:FYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnhyzh5G:FYREXSVMDi34G

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
