General

  • Target

    0659318410f016b66ef3ffae2335b493b91c558d80fb0b74d04044f829a0ac3c

  • Size

    1.5MB

  • Sample

    240528-xtp66she56

  • MD5

    bae9244f1337506561ef0a82f4898591

  • SHA1

    d747387c3a2e80d04df9fe11df6f91d742d1e181

  • SHA256

    0659318410f016b66ef3ffae2335b493b91c558d80fb0b74d04044f829a0ac3c

  • SHA512

    e104ce7b83c1567a839e9a6f954fe9093536a3125e4579b4ba357c1611e86f383c3da761e69ac9eb6fc0dce2c104b053d6e7dcdcec28c724f056bbbe3749f584

  • SSDEEP

    24576:YYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnByzmXQk3I:YYREXSVMDi3ak4

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Sets DLL path for service in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
