Overview

overview

10

Static

static

3

c96306e907...88.exe

windows7-x64

10

c96306e907...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c96306e907e6532cb82ae4d410a5ca72fd19955e28d4c209f7b2495da9925b88

  • Size

    2.1MB

  • Sample

    241121-l9frws1mes

  • MD5

    3e1b9039148d196063ab784e4548e798

  • SHA1

    bb8c6ddf201aa6f3a23649fc7d206f6471f4f024

  • SHA256

    c96306e907e6532cb82ae4d410a5ca72fd19955e28d4c209f7b2495da9925b88

  • SHA512

    39c121a7bdb91074aac4af762cdb824d7bb78c71ac1bb4acf500293afb35e92dc49da65d91646ebbf03ae31d2428ac07409139e76bfef37c2451bc0c313af6c4

  • SSDEEP

    24576:8YFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsX:8YREXSVMDi350aFJqciOa925sRt7

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      c96306e907e6532cb82ae4d410a5ca72fd19955e28d4c209f7b2495da9925b88

    • Size

      2.1MB

    • MD5

      3e1b9039148d196063ab784e4548e798

    • SHA1

      bb8c6ddf201aa6f3a23649fc7d206f6471f4f024

    • SHA256

      c96306e907e6532cb82ae4d410a5ca72fd19955e28d4c209f7b2495da9925b88

    • SHA512

      39c121a7bdb91074aac4af762cdb824d7bb78c71ac1bb4acf500293afb35e92dc49da65d91646ebbf03ae31d2428ac07409139e76bfef37c2451bc0c313af6c4

    • SSDEEP

      24576:8YFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsX:8YREXSVMDi350aFJqciOa925sRt7

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks