Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/07/2024, 06:23

General

  • Target

    2024-07-06_198c838391f0281ad9a30cef7d242da3_mafia.exe

  • Size

    2.8MB

  • MD5

    198c838391f0281ad9a30cef7d242da3

  • SHA1

    8d65879c43c28b69fd499885c0bf8b8886cbf9d6

  • SHA256

    7106a351ad1e0c6d256b8ed89db8eec1425aa559c53f24d943cd842ccd42afe7

  • SHA512

    06d8ed30077e0c654324ab20d3fc89abef9465cd657b5e8db4cd2655ce12b82ea5c0928bf399bbef8e7b48853f7655453df2d64af2e4d3744940da5f69c5ba51

  • SSDEEP

    49152:x/+WSk4sI39QE+OaKCBI1ZBGLRqmTowog5l6uUFwQbLpX+yVg+3LSku9osDTvZ9d:hSk4sI39H+Oaha1zGL9TowP5l6uUF5by

Malware Config

Extracted

Family

gh0strat

C2

127.0.0.1

Note: a loopback address as the extracted C2 usually indicates a placeholder or test configuration rather than a live server; treat it as a config-parsing result to verify, not as a network indicator to block.

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

  • Adds Run key to start application 2 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_198c838391f0281ad9a30cef7d242da3_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_198c838391f0281ad9a30cef7d242da3_mafia.exe"
    1⤵
    • Adds Run key to start application
    PID:4948
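
The "Adds Run key to start application" signature on PID 4948 is the observable a detection engineer would hunt for on live hosts. As an added example that is not part of this sandbox report or of the Gh0st RAT source, the Python below flags Run-key value writes in Sysmon Event ID 13 (RegistryEvent: Value Set) records and rates a write as high severity when the writing process or the registered command lives in a user-writable directory. The records are constructed: the image path and PID 4948 come from the report above; the SID, the value name "svchost" and the payload path in Details are assumptions.

```python
"""Run-key persistence check over Sysmon Event ID 13 records.

Added example, not part of the sandbox report or the Gh0st RAT code.
The event records are constructed for illustration: the image path and
PID 4948 come from the report above; the SID, value name "svchost" and
the payload path in Details are assumptions.
"""
import re

# Autorun keys behind the report's "Adds Run key to start application"
# signature (ATT&CK T1547.001). Sysmon logs the per-user hive as HKU\<SID>\...
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKU\\[^\\]+)\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# Paths an unprivileged user can write to; a Run value written from, or
# pointing into, one of these is the pattern the sandbox flagged.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.IGNORECASE)

# Constructed Sysmon events flattened to "field=value|field=value" lines.
SAMPLE_EVENTS = [
    # The sample from the report registering an assumed payload path.
    r"EventID=13|Image=C:\Users\Admin\AppData\Local\Temp\2024-07-06_198c838391f0281ad9a30cef7d242da3_mafia.exe"
    r"|ProcessId=4948|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost"
    r"|Details=C:\Users\Admin\AppData\Roaming\svchost.exe",
    # Benign: Explorer toggling a view setting under its own key.
    r"EventID=13|Image=C:\Windows\explorer.exe|ProcessId=1234"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
    r"|Details=DWORD (0x00000001)",
    # Key creation (Event ID 12), not a value write; ignored.
    r"EventID=12|Image=C:\Windows\regedit.exe|ProcessId=2000"
    r"|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    # Installed software registering an updater from Program Files: listed, low severity.
    r'EventID=13|Image=C:\Program Files\Vendor\Updater.exe|ProcessId=777'
    r'|TargetObject=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VendorUpdater'
    r'|Details="C:\Program Files\Vendor\Updater.exe" /background',
]


def parse_event(line):
    """Split a flattened record into a field dict (split on the first '=' only)."""
    return dict(part.split("=", 1) for part in line.split("|") if "=" in part)


def classify(ev):
    """Return a finding for a Run-key value write, or None if the event is not one."""
    if ev.get("EventID") != "13":
        return None
    target = ev.get("TargetObject", "")
    if not RUN_KEY_RE.match(target):
        return None
    image, details = ev.get("Image", ""), ev.get("Details", "")
    # High: the writer or the registered command lives in a user-writable directory.
    user_writable = USER_WRITABLE_RE.search(image) or USER_WRITABLE_RE.search(details)
    return {
        "severity": "high" if user_writable else "low",
        "pid": ev.get("ProcessId"),
        "image": image,
        "value": target.rsplit("\\", 1)[-1],
        "command": details,
    }


def find_run_key_persistence(lines):
    """Run classify() over an iterable of records, keeping only the findings."""
    findings = []
    for line in lines:
        finding = classify(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid={f['pid']} {f['image']} -> Run\\{f['value']} = {f['command']}")
```

The severity split is deliberate: every Run-key write is worth listing, but installers legitimately register updaters from Program Files all day, while a process in Temp registering a command under AppData is the sandbox's signature reproduced on a real endpoint.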

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • memory/4948-0-0x0000000010000000-0x0000000010015000-memory.dmp

          Filesize

          84KB

          Note: 0x10000000 is the default image base for DLLs produced by Microsoft's linker, so this 84KB region mapped in PID 4948 is consistent with an in-memory DLL payload (the "Gh0st RAT payload" IoC above) rather than the main executable image.