General

  • Target

    c72a49ad47242dee133b3c800094a7d0N.exe

  • Size

    1.0MB

  • Sample

    240901-jkw2gawang

  • MD5

    c72a49ad47242dee133b3c800094a7d0

  • SHA1

    14c052e2426834029b167864dc82f046219028e4

  • SHA256

    922615813724d903619af749e98d02a93c6bc5f46f4fd92e5cffe9eb0b45c934

  • SHA512

    77129354fd388a685f84108580c6ac98db9406ffba8bd62c7ad15f4f92b5d5e037f0df501da40e3c741797830dd46f4742774c71418c6c1201e411d9c3a2c7ba

  • SSDEEP

    12288:ca4n5/w7e4tfHzViWRO8NKXv/6kIu2Pc534s4gEbnWSvfYnWlgF9b0O/5oy:cHY7XtPzoW1IvSVZhWKfrl69bV/5

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
