gh0strat | 3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91 | Triage

Submit
Reports

Overview

overview

Static

static

3e61ed0822...91.exe

windows7-x64

3e61ed0822...91.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91
Size

567KB
Sample

221003-r6phhsbef8
MD5

63536115c9c9b43b5864fe9e2b36e710
SHA1

2cd56f23a4085eef09d804c0034bb94c033e6351
SHA256

3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91
SHA512

9f8daa34dd4b635d6a08c192eab9e1498ef51e15bc98c1e0db8954921651d452007fbe03ce8788f9a688ce82b8b8a16c447d73fd68049f3b73fcc8a72c017bce
SSDEEP

6144:i3H28o/OzH+q83iP8ycMciB/oZWfD0FB/oZWfM6Vh+uv:dR/OzgyrcMciBwgGBwgLVh+uv

Score

10^/10

gh0strat rat upx

Static task

static1

Behavioral task

behavioral1

Sample

3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91.exe

Resource

win7-20220901-en

gh0strat rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91.exe

Resource

win10v2004-20220812-en

gh0strat rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91
- Size
  
  567KB
- MD5
  
  63536115c9c9b43b5864fe9e2b36e710
- SHA1
  
  2cd56f23a4085eef09d804c0034bb94c033e6351
- SHA256
  
  3e61ed082216236d8447087310530f7b68fd087c51752757370ac74db3604e91
- SHA512
  
  9f8daa34dd4b635d6a08c192eab9e1498ef51e15bc98c1e0db8954921651d452007fbe03ce8788f9a688ce82b8b8a16c447d73fd68049f3b73fcc8a72c017bce
- SSDEEP
  
  6144:i3H28o/OzH+q83iP8ycMciB/oZWfD0FB/oZWfM6Vh+uv:dR/OzgyrcMciBwgGBwgLVh+uv
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy