gh0strat | f73282bb29d6711a116656bf12a55c2e7df5eb9a95376b6d1d087309fc37bb14 | Triage

Submit
Reports

Overview

overview

Static

static

f38ceb5bcc...40.exe

windows7_x64

f38ceb5bcc...40.exe

windows10-2004_x64

Sharing

General

Target

f38ceb5bccd2de5ccf73d79ec5711d40.exe
Size

2.1MB
Sample

220707-fztywadeer
MD5

f38ceb5bccd2de5ccf73d79ec5711d40
SHA1

72eb623006fad037f57831ebe2a554c3823105d9
SHA256

f73282bb29d6711a116656bf12a55c2e7df5eb9a95376b6d1d087309fc37bb14
SHA512

199be4590729211be3b144a789ba4455fdc4e23604b36f2a4989bb75a763718abcd058e075236040a8ed51158f7783c2f99f77bbbfd9796426deb3902fae851d

Score

10^/10

gh0strat rat upx

Static task

static1

Behavioral task

behavioral1

Sample

f38ceb5bccd2de5ccf73d79ec5711d40.exe

Resource

win7-20220414-en

gh0strat rat upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f38ceb5bccd2de5ccf73d79ec5711d40.exe

Resource

win10v2004-20220414-en

gh0strat rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f38ceb5bccd2de5ccf73d79ec5711d40.exe
- Size
  
  2.1MB
- MD5
  
  f38ceb5bccd2de5ccf73d79ec5711d40
- SHA1
  
  72eb623006fad037f57831ebe2a554c3823105d9
- SHA256
  
  f73282bb29d6711a116656bf12a55c2e7df5eb9a95376b6d1d087309fc37bb14
- SHA512
  
  199be4590729211be3b144a789ba4455fdc4e23604b36f2a4989bb75a763718abcd058e075236040a8ed51158f7783c2f99f77bbbfd9796426deb3902fae851d
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy