General

  • Target

    3192fd666ed62deab99213c8eab86192f0c24884beb5ffca504a2898b0f91a3b

  • Size

    51KB

  • Sample

    241114-vm7rja1frh

  • MD5

    0be65080f74c423f90c6db268a2296c8

  • SHA1

    abe6c39ce7b945f8a8c3d08b024296f7f58001e1

  • SHA256

    3192fd666ed62deab99213c8eab86192f0c24884beb5ffca504a2898b0f91a3b

  • SHA512

    d5de94714efefa2eb4dfcecd87424b821d255d32413d951ac96930191057566c8e7c61ff3443da9b4a9c65a307ece0b96669fd0029572695b32f57ba0e0169d6

  • SSDEEP

    1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLzJYH5:1dWubF3n9S91BF3fbo3JYH5

Score
10/10

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

    • Target

      3192fd666ed62deab99213c8eab86192f0c24884beb5ffca504a2898b0f91a3b

    • Size

      51KB

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family
