General

  • Target

    ef18990309bdfd3b6a36c656ac642d9aa65baf779e4118531ae6efdea466d958

  • Size

    5.4MB

  • Sample

    240909-xphxasvakq

  • MD5

    b55ce6c5106011d92c90fd53204e1fe0

  • SHA1

    fd7f83d5ebba49494d388ed19d5e8c845d912495

  • SHA256

    ef18990309bdfd3b6a36c656ac642d9aa65baf779e4118531ae6efdea466d958

  • SHA512

    060291617a5c8d72d413fc6b521d38b1317db566b87638004a95323c1e7705fac5fd25706b6c0b44c8e89e6c177947578532ef98663b649e7ae07fa0af3c754d

  • SSDEEP

    49152:+ihX83I8gg92RilG4+vGnPEMbyt38BMAbQvI1VOWK8FZOrSK66X0tZAPMTFDcc6H:3II8ggwMlG4iGPE6G38m8FE56mrNFd

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks