General

  • Target

    4b90588b7c012b6e6f913ddd499f33b8b973e6ffbfb5926942122ba053272db8

  • Size

    376KB

  • Sample

    240605-2e1ftabg26

  • MD5

    99bf9a530000c1d13f5a0a84e6fa89d0

  • SHA1

    37ea9b81707c9f904a12e7a6444defc1fb0e64e4

  • SHA256

    4b90588b7c012b6e6f913ddd499f33b8b973e6ffbfb5926942122ba053272db8

  • SHA512

    07570afb01e5cde84930946b10934f5097a6ae17984fb836e416f25beb72a89799357f51925d276e1b42034f0f95cfbe6fd78e5313ff51ba96b596f4d6e938dc

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphC:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmR/

Targets

    • Target

      4b90588b7c012b6e6f913ddd499f33b8b973e6ffbfb5926942122ba053272db8

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
