Overview

overview

10

Static

static

3

a36de2baaf...20.exe

windows7-x64

10

a36de2baaf...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a36de2baaf9355213b83514d52e08725db182a5f0e21baa440aab8f129610820

  • Size

    4.3MB

  • Sample

    240701-e9416awgjh

  • MD5

    0f9baf91bbc3af9d45ee0d5891c030a9

  • SHA1

    bdd3b7d80059fe7b7cfc374f0ea1f0b9a315988c

  • SHA256

    a36de2baaf9355213b83514d52e08725db182a5f0e21baa440aab8f129610820

  • SHA512

    00bd256402e067b79d0a3918a8b39a12ab5fd87bae9a03952bfa815a0563c074d49e8973a24ee89c1daeec76c0a57a792bc27d664d6245a9d33bf517dc8ea527

  • SSDEEP

    98304:92SVMD8unlEm9++v6O7XkvT+WLeLCt1wrteBO:1EnlE++SNXkorteBO

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      a36de2baaf9355213b83514d52e08725db182a5f0e21baa440aab8f129610820

    • Size

      4.3MB

    • MD5

      0f9baf91bbc3af9d45ee0d5891c030a9

    • SHA1

      bdd3b7d80059fe7b7cfc374f0ea1f0b9a315988c

    • SHA256

      a36de2baaf9355213b83514d52e08725db182a5f0e21baa440aab8f129610820

    • SHA512

      00bd256402e067b79d0a3918a8b39a12ab5fd87bae9a03952bfa815a0563c074d49e8973a24ee89c1daeec76c0a57a792bc27d664d6245a9d33bf517dc8ea527

    • SSDEEP

      98304:92SVMD8unlEm9++v6O7XkvT+WLeLCt1wrteBO:1EnlE++SNXkorteBO

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Server Software Component

1
T1505

Terminal Services DLL

1
T1505.005

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks