General

  • Target

    a4d6af99179800af2216de278bb8b2612095a945378be677608755701646a066

  • Size

    4.6MB

  • Sample

    240625-2mm6fsyalg

  • MD5

    f366ee0e9cdc2da818f50b7ce664cb59

  • SHA1

    b1fab8d4da60f84ac023eca4a5155c46e767baf3

  • SHA256

    a4d6af99179800af2216de278bb8b2612095a945378be677608755701646a066

  • SHA512

    60c581c539a0c0c5055199b0a1db3ccd1bbc0d18f0725e3fa1103573b67288f4aebcef887344ae19b4beeb3742f232a77635b80e154509925c44dfdf1f25346b

  • SSDEEP

    49152:GYREXSVMKi3VbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27PLn:D2SVMK8VbXsPN5kiQaZ56

Targets

    • Target

      a4d6af99179800af2216de278bb8b2612095a945378be677608755701646a066

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
