Overview

overview

10

Static

static

3

cdafa75d27...d7.exe

windows7-x64

10

cdafa75d27...d7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdafa75d27565e5acba5e8d2529b117c2c727f388b94ea4ac93e24b817fa9dd7

  • Size

    1.5MB

  • Sample

    250127-ny9xpsxjdy

  • MD5

    3252d8dd08aefff371c6c41e744304ff

  • SHA1

    1245b706b8da09e6ce97dc2d187e596ec5bf6088

  • SHA256

    cdafa75d27565e5acba5e8d2529b117c2c727f388b94ea4ac93e24b817fa9dd7

  • SHA512

    a1629205eb087f0a237b2c12dc4b026473baa29ce70f4ca518143436bcc978834bb6f9e8268ccd3ee515ca8239c3103dbcf3868798471cdbe7e5aecb63a0be4e

  • SSDEEP

    24576:KYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9/yzHd2jsSe:KYREXSVMKi3BsSe

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      cdafa75d27565e5acba5e8d2529b117c2c727f388b94ea4ac93e24b817fa9dd7

    • Size

      1.5MB

    • MD5

      3252d8dd08aefff371c6c41e744304ff

    • SHA1

      1245b706b8da09e6ce97dc2d187e596ec5bf6088

    • SHA256

      cdafa75d27565e5acba5e8d2529b117c2c727f388b94ea4ac93e24b817fa9dd7

    • SHA512

      a1629205eb087f0a237b2c12dc4b026473baa29ce70f4ca518143436bcc978834bb6f9e8268ccd3ee515ca8239c3103dbcf3868798471cdbe7e5aecb63a0be4e

    • SSDEEP

      24576:KYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9/yzHd2jsSe:KYREXSVMKi3BsSe

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks