General

  • Target

    2ea5b0272d628afd0e199360e5c5e58058710b8f81609910ee97950bafa1c529

  • Size

    1.6MB

  • Sample

    250308-azlplsznw3

  • MD5

    2cc33d47148fe80b8f3ef1c97f86ea4b

  • SHA1

    06c7f9a43c4b51caf90f67ba50ae9b013d226194

  • SHA256

    2ea5b0272d628afd0e199360e5c5e58058710b8f81609910ee97950bafa1c529

  • SHA512

    1d25f40c99db19fecfc1a58a6ecc129e51dda091712ef5a3a8709b06e21b1e29ac4522fe61cda5eaf53b90cd97c077e11034f43ef6822f1266a853ca04db223c

  • SSDEEP

    12288:a4ZuzQTRIGxHifW8CRMwmAOTLmyWwU8lLgUd32:a4Zm5GxCfWtN8TLmwlLx32

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Deletes itself

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
