Overview

overview

10

Static

static

3

506c946ecc...6b.exe

windows7-x64

10

506c946ecc...6b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    506c946ecc0877b13de8fb977de24a7b9e14054d44ca547e518084c914334a6b.exe

  • Size

    60KB

  • MD5

    e3a85d48bf8710f3d038d9d8d4fc6ff1

  • SHA1

    67fc0fd066d898a93966c0d5d71e7e71ba478db0

  • SHA256

    506c946ecc0877b13de8fb977de24a7b9e14054d44ca547e518084c914334a6b

  • SHA512

    6a319c4219d9e941b4fe7dd4bd303cd88dd42b392b9836dc37c94a4a737246509c5dd8b20d86624227559d904429dce1942ba41b31f98156250c58524f7238e0

  • SSDEEP

    768:3e1iZNbQAKrWGOkGQeN70ZqL37FsKBBmbUt4i:36iZNer5GQvkSath

Score
10/10
gh0stratratupx

Malware Config

Signatures

  • Gh0st RAT payload 5 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Detects Windows executables referencing non-Windows User-Agents 5 IoCs
  • UPX dump on OEP (original entry point) 6 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\506c946ecc0877b13de8fb977de24a7b9e14054d44ca547e518084c914334a6b.exe
    "C:\Users\Admin\AppData\Local\Temp\506c946ecc0877b13de8fb977de24a7b9e14054d44ca547e518084c914334a6b.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\AppPatch\8.77.dll
    Filesize

    240KB

    MD5

    0a74e0bffbce3cc5466796739cfdeb44

    SHA1

    c3b50df0a1de18b7053bff1b0293f5512f824055

    SHA256

    cdabc33a27b23c2060637193a4cbad94e16d31e6a4df7d67bdc6b63c1d056b30

    SHA512

    9fb4f39d95820f63da2d8767b76f317c512a8db1b86428f04baf4b163d0deaee5c4726c9f66807a3b1c223d575557fabc88e0cde73a4561b304f6edd76b8cc36

    Download Submit

  • memory/2440-5-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2440-8-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2440-9-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2440-10-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2440-11-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2440-12-0x0000000010000000-0x000000001034B000-memory.dmp

    Filesize

    3.3MB

    Download