General

  • Target

    ss2.exe

  • Size

    143KB

  • Sample

    250120-lbwqfsslfz

  • MD5

    21bb462f0f0a3f4156bb6d46f95d689d

  • SHA1

    2f2ed26926fdcb869fe9398ee8cffea2e4b3b004

  • SHA256

    ac7bbace6a05f3ea6422306fe0f41c3a5252579c3a584150e9628f53a7805b50

  • SHA512

    423f4a7d8f19d30e01ca1f67545b4d1139cd3a2ed5ff4e6c6a28b68f79b805bf590acdf3278822bd937bb451a116133f1f346c5ccd528be72613ba455d668730

  • SSDEEP

    3072:mm2t+PdK2H+hUEgro3cfsVh2WlKMf3jfAw1lfR:mmpVKco3usRIMf3jf/1F

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL
