gh0strat | 46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a | Triage

Submit
Reports

Overview

overview

Static

static

4622892329...5a.exe

windows7_x64

4622892329...5a.exe

windows10-2004_x64

Sharing

General

Target

46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a
Size

252KB
Sample

220521-mn36qscbb6
MD5

7c77f7a1ebddd9579a7567dedb131a95
SHA1

76aedce6c1483506c33f1cb00cbe72a4f9387427
SHA256

46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a
SHA512

3187ca40dd4c3fb9aead5b5eef1682a1128c957a41df1d5d0947b1f666c04737aacbdbb5c7deb9a2fb276a77437b456695f55e8429362fd68de5660e9da82e73

Score

10^/10

gh0strat evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a.exe

Resource

win7-20220414-en

gh0strat evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a.exe

Resource

win10v2004-20220414-en

gh0strat evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a
- Size
  
  252KB
- MD5
  
  7c77f7a1ebddd9579a7567dedb131a95
- SHA1
  
  76aedce6c1483506c33f1cb00cbe72a4f9387427
- SHA256
  
  46228923291ceab1c75887af7394832bbb68bdd840b3d10c7bda8f2f5e85b25a
- SHA512
  
  3187ca40dd4c3fb9aead5b5eef1682a1128c957a41df1d5d0947b1f666c04737aacbdbb5c7deb9a2fb276a77437b456695f55e8429362fd68de5660e9da82e73
Score

10^/10

gh0strat evasion rat trojan
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratevasionrattrojan

behavioral2

gh0stratevasionrattrojan

© 2018-2024

Terms | Privacy