gh0strat | e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e | Triage

Submit
Reports

Overview

overview

Static

static

e7184319f8...7e.exe

windows7-x64

e7184319f8...7e.exe

windows10-1703-x64

e7184319f8...7e.exe

windows10-2004-x64

e7184319f8...7e.exe

windows11-21h2-x64

e7184319f8...7e.exe

android-10-x64

e7184319f8...7e.exe

android-11-x64

e7184319f8...7e.exe

android-9-x86

e7184319f8...7e.exe

macos-10.15-amd64

1

e7184319f8...7e.exe

debian-9-armhf

e7184319f8...7e.exe

debian-9-mips

e7184319f8...7e.exe

debian-9-mipsel

e7184319f8...7e.exe

ubuntu-18.04-amd64

Resubmissions

06-08-2022 02:33

220806-c2bnjahehm 10

06-08-2022 02:28

220806-cx9prscac3 10

Sharing

General

Target

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e
Size

375KB
Sample

220806-c2bnjahehm
MD5

94e5d015983b0f92d45fe3e42b285607
SHA1

5ae548731a6310c2b7d7243b699d12109d4bb5ca
SHA256

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e
SHA512

cff6d560a86df3aa565c46e2ff6937d3039c8f82af7689d2db9b0c31e254ef523aed4c437ed06900c0381d68b2fd9eb9cda7e5e4696c2b6b5f40702449fcb800

Score

10^/10

gh0strat android linux macos rat upx

Static task

static1

Behavioral task

behavioral1

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

win7-20220715-en

gh0strat rat upx

windows7-x64

15 signatures

1800 seconds

Behavioral task

behavioral2

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

win10-20220718-en

gh0strat rat upx

windows10-1703-x64

13 signatures

1800 seconds

Behavioral task

behavioral3

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

win10v2004-20220721-en

gh0strat rat upx

windows10-2004-x64

15 signatures

1800 seconds

Behavioral task

behavioral4

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

win11-20220223-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

android-x64-20220621-en

android-10-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

android-x64-arm64-20220621-en

android-11-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

android-x86-arm-20220621-en

android-9-x86

0 signatures

1800 seconds

Behavioral task

behavioral8

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

debian9-armhf-en-20211208

debian-9-armhf

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

debian9-mipsbe-en-20211208

debian-9-mips

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

debian9-mipsel-en-20211208

debian-9-mipsel

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e.exe

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e
- Size
  
  375KB
- MD5
  
  94e5d015983b0f92d45fe3e42b285607
- SHA1
  
  5ae548731a6310c2b7d7243b699d12109d4bb5ca
- SHA256
  
  e7184319f8bcc00d6e9f17542b917c537d6e21e0f068c367d360c44afd7f817e
- SHA512
  
  cff6d560a86df3aa565c46e2ff6937d3039c8f82af7689d2db9b0c31e254ef523aed4c437ed06900c0381d68b2fd9eb9cda7e5e4696c2b6b5f40702449fcb800
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9 behavioral10 behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

© 2018-2024

Terms | Privacy