General

  • Target

    157bdfd3039284f1e1c98fcb6b807752b3cdd4bc66ff191cf8ee3a0f5fa4f817N

  • Size

    168KB

  • Sample

    241017-zkvreavhmh

  • MD5

    365d7b238853b3bef2a7377c9a352f90

  • SHA1

    f375b83a16d69ff2c844ffc1030b885cb5e8bc6f

  • SHA256

    157bdfd3039284f1e1c98fcb6b807752b3cdd4bc66ff191cf8ee3a0f5fa4f817

  • SHA512

    fe4d9cbfd6cc8613f79280af726043d87f46e3b7c2b80b8e87cc293a4d23080beb705754ed3b1580a4c674013702806243f3724c1476f18fe973512adc6c8ee1

  • SSDEEP

    3072:1Yix6V76yP8uCJOdtsMrPPdSp+2kePZ0kfrKB:1YixcHR6MTPdw+2kSOkfu

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks