General

  • Target

    86fb29a422e91557ca62ea6575858a6ac0f4a8d911045ccd95fb4dcd24e7878f

  • Size

    51KB

  • Sample

    241111-3y1flayndx

  • MD5

    17b080f01191445a3227b5a413718d07

  • SHA1

    c6b50b86e72bfbdae0b7fb0cf71987668f52495a

  • SHA256

    86fb29a422e91557ca62ea6575858a6ac0f4a8d911045ccd95fb4dcd24e7878f

  • SHA512

    063bd19e3501b03f268d0ff587eab32d0ae520525b026d69602748ba3971a13d8c569b5616e222bc1cd7f0106e653fbe0677b5e2bcc73ea4c1a76b9ae9cdba51

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL1JYH5:1dWubF3n9S91BF3fboRJYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family
