General

  • Target

    228badf283023ad84b51ce97207368a4688f4f3377a52f72dab70369ec13305f

  • Size

    4.5MB

  • Sample

    240526-nf5j9sgd8z

  • MD5

    adaa233d89dd91884f591c90c3b9b735

  • SHA1

    2c3646edb530be765277b2cf9d64e6769d6b377f

  • SHA256

    228badf283023ad84b51ce97207368a4688f4f3377a52f72dab70369ec13305f

  • SHA512

    5db95fe3a82d616d5a8721d77281f89618d5e92bfe0d6eb6a91aa0ea93ca1a8911ab52e0fb14f64b00ab65c92b362e31daa73caf21b6ee61a9391cfca3b2d3c8

  • SSDEEP

    49152:dYREXSVMDi3PabXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PL:y2SVMD8PabXsPN5kiQaZ56

Malware Config

Targets

    • Target

      228badf283023ad84b51ce97207368a4688f4f3377a52f72dab70369ec13305f

    • Size

      4.5MB

    • MD5

      adaa233d89dd91884f591c90c3b9b735

    • SHA1

      2c3646edb530be765277b2cf9d64e6769d6b377f

    • SHA256

      228badf283023ad84b51ce97207368a4688f4f3377a52f72dab70369ec13305f

    • SHA512

      5db95fe3a82d616d5a8721d77281f89618d5e92bfe0d6eb6a91aa0ea93ca1a8911ab52e0fb14f64b00ab65c92b362e31daa73caf21b6ee61a9391cfca3b2d3c8

    • SSDEEP

      49152:dYREXSVMDi3PabXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PL:y2SVMD8PabXsPN5kiQaZ56

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks