gh0strat | ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21 | Triage

Submit
Reports

Overview

overview

Static

static

589.exe

windows7_x64

589.exe

windows10-2004_x64

Sharing

General

Target

589.exe
Size

216KB
Sample

220509-zm5pdsecd5
MD5

a824640862ea34979abb4d80f2ee07b1
SHA1

529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed
SHA256

ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21
SHA512

99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Score

10^/10

gh0strat rat

Static task

static1

Behavioral task

behavioral1

Sample

589.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

589.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  589.exe
- Size
  
  216KB
- MD5
  
  a824640862ea34979abb4d80f2ee07b1
- SHA1
  
  529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed
- SHA256
  
  ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21
- SHA512
  
  99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy