Overview

overview

10

Static

static

3

b782eb18e4...eN.exe

windows7-x64

10

b782eb18e4...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b782eb18e415722aa14a0b8a51f3d6a8f108efc3b5c0f8304dafc939bf1cab1eN

  • Size

    2.7MB

  • Sample

    241114-hae5jawalk

  • MD5

    7e77836efbcd079168bb79cb5a07e910

  • SHA1

    beb7e3e76003c9b6ba73c03b07d3e50dcb59b3b1

  • SHA256

    b782eb18e415722aa14a0b8a51f3d6a8f108efc3b5c0f8304dafc939bf1cab1e

  • SHA512

    ac5f4eceea1058079c43122882ac752da2fd8cc9e768ef55cc0b954a049535fd31d41b8f8b1f67802bdae1663ced87084b3a83a5bbbb01030b36e8dbcbaf0399

  • SSDEEP

    49152:/YREXSVMDi39x7kYKy2Re589Y+wejfxYD2qQfs+RiieNXs:A2SVMD8n7kYec589YLeLxYD2qQfs+Rs8

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      b782eb18e415722aa14a0b8a51f3d6a8f108efc3b5c0f8304dafc939bf1cab1eN

    • Size

      2.7MB

    • MD5

      7e77836efbcd079168bb79cb5a07e910

    • SHA1

      beb7e3e76003c9b6ba73c03b07d3e50dcb59b3b1

    • SHA256

      b782eb18e415722aa14a0b8a51f3d6a8f108efc3b5c0f8304dafc939bf1cab1e

    • SHA512

      ac5f4eceea1058079c43122882ac752da2fd8cc9e768ef55cc0b954a049535fd31d41b8f8b1f67802bdae1663ced87084b3a83a5bbbb01030b36e8dbcbaf0399

    • SSDEEP

      49152:/YREXSVMDi39x7kYKy2Re589Y+wejfxYD2qQfs+RiieNXs:A2SVMD8n7kYec589YLeLxYD2qQfs+Rs8

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks