gh0strat | 390b0f0076f49ca340733d0f351eba2ab00a07dfc4c593dc411708655120dceb | Triage

Sharing

General

Target

390b0f0076f49ca340733d0f351eba2ab00a07dfc4c593dc411708655120dceb
Size

160KB
Sample

221004-dwtgtsafb9
MD5

063d9ebb3764301d7aff87b848f74670
SHA1

bfe41c042b9732a471f24c7ad706545405c6987b
SHA256

390b0f0076f49ca340733d0f351eba2ab00a07dfc4c593dc411708655120dceb
SHA512

da3313d933847fbb3ed362bda7b901256f612c147a4eb63986e0963ac9f5a50928bfe8f75d78e03c305662ca95090a20045faa31b61cb4b5dbac9ab20e709bac
SSDEEP

3072:51vHS/onYGlo6DKfYZmn87sItcOUuDOd6/Z4pJR:KQl3uln27uOU+OdkG

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  390b0f0076f49ca340733d0f351eba2ab00a07dfc4c593dc411708655120dceb
- Size
  
  160KB
- MD5
  
  063d9ebb3764301d7aff87b848f74670
- SHA1
  
  bfe41c042b9732a471f24c7ad706545405c6987b
- SHA256
  
  390b0f0076f49ca340733d0f351eba2ab00a07dfc4c593dc411708655120dceb
- SHA512
  
  da3313d933847fbb3ed362bda7b901256f612c147a4eb63986e0963ac9f5a50928bfe8f75d78e03c305662ca95090a20045faa31b61cb4b5dbac9ab20e709bac
- SSDEEP
  
  3072:51vHS/onYGlo6DKfYZmn87sItcOUuDOd6/Z4pJR:KQl3uln27uOU+OdkG
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat