gh0strat | a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b | Triage

Submit
Reports

Overview

overview

Static

static

a61d6710e9...9b.exe

windows7-x64

a61d6710e9...9b.exe

windows10-2004-x64

Sharing

General

Target

a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b
Size

111KB
Sample

221011-tb6vesced6
MD5

646a7d30d99381fa55728002cd353a44
SHA1

7a9fef4d4b9eb9c7fc117c4a7b308aa05e3c47b6
SHA256

a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b
SHA512

3d61013fb3e300fec5e49f673c5a5f35e09996de5c709d588ed21b6fce6727ce117896de42895507566afc157c825f86a1114654c64dc28ebf15f93dd2b020ba
SSDEEP

3072:dZ8BZsGA6P1XhkUVg8H8pd9Ti6dki1z3W:dZ8TsOtx1geCd9i6yi1bW

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b.exe

Resource

win7-20220812-en

gh0strat persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b.exe

Resource

win10v2004-20220812-en

gh0strat persistence rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b
- Size
  
  111KB
- MD5
  
  646a7d30d99381fa55728002cd353a44
- SHA1
  
  7a9fef4d4b9eb9c7fc117c4a7b308aa05e3c47b6
- SHA256
  
  a61d6710e926e7fd090224403b1df7a130508bb1914157523886b33729f7839b
- SHA512
  
  3d61013fb3e300fec5e49f673c5a5f35e09996de5c709d588ed21b6fce6727ce117896de42895507566afc157c825f86a1114654c64dc28ebf15f93dd2b020ba
- SSDEEP
  
  3072:dZ8BZsGA6P1XhkUVg8H8pd9Ti6dki1z3W:dZ8TsOtx1geCd9i6yi1bW
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy