General

  • Target

    9661b7225aabfc51d50e72e4d6ed90c1f2185152be6a9fa107087ab6311c039b

  • Size

    1.0MB

  • Sample

    250307-y78q4swsew

  • MD5

    a76df31724d8101889ac5b723d32f2a9

  • SHA1

    7a19d5e7e6f65c1d78fab3f2f15ae2d0bb72b0d9

  • SHA256

    9661b7225aabfc51d50e72e4d6ed90c1f2185152be6a9fa107087ab6311c039b

  • SHA512

    aa2eb53c267539c779941a1250f0e403eac982d9a625ffa9219a6b1ebc46939d657b3fd811b52e8c020e6a133c97909d148c5e729aca25bac774e96a42ace7d5

  • SSDEEP

    12288:M+9JIICwqWRmTxyJrH0vwK8spKfUFGLIfed0cX69udCMT:M+9J2wqWRmTxSsIfUFGLIfeJdCM

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Drops file in System32 directory
