General

  • Target

    1a905489c4439b366e08218464de95865566598bc1e2bb24fe89dc346c4d78da

  • Size

    1.1MB

  • Sample

    240527-rmdlxafc5y

  • MD5

    d99db83bb21fb9aee87bbb7241bd857a

  • SHA1

    a1f0027631f29854d8845eace67f6808058a27a0

  • SHA256

    1a905489c4439b366e08218464de95865566598bc1e2bb24fe89dc346c4d78da

  • SHA512

    246401a3eba330c3e74b4b88397c0fcca6ba5c107e36d25360f2fb9d9664c348a154a337ef6eff96f1f666efb50d7bf6c28b41fd42c9b56b8a036c9d0331ceae

  • SSDEEP

    24576:yYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnlyzcBT:yYREXSVMDi3RB

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15