gh0strat | 759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b
Size

375KB
Sample

221011-y4a1nschfj
MD5

29aa8a4d1d634461eb3ebf3227194c87
SHA1

4561d01e687a84e5cdb2e85cc5ff6e2bbd686c20
SHA256

759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b
SHA512

689628b09de3522b61bb7295fd30ad31748c96f3b0d5d7f20960bf54f9e09fb2466306472495c77fd5a81d05c04493203208e5b2bf1e539822dcf5a55714e5f9
SSDEEP

6144:1v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:14VOiF1WD7kE1dTYOi8V5u23zmWFy4

Score

10^/10

gh0strat rat upx

Static task

static1

Behavioral task

behavioral1

Sample

759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b.exe

Resource

win10-20220812-en

gh0strat rat upx

windows10-1703-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b
- Size
  
  375KB
- MD5
  
  29aa8a4d1d634461eb3ebf3227194c87
- SHA1
  
  4561d01e687a84e5cdb2e85cc5ff6e2bbd686c20
- SHA256
  
  759859709a2b91ee500201d9616f3a5d38c9c0e4313aa81c18ed125225a5540b
- SHA512
  
  689628b09de3522b61bb7295fd30ad31748c96f3b0d5d7f20960bf54f9e09fb2466306472495c77fd5a81d05c04493203208e5b2bf1e539822dcf5a55714e5f9
- SSDEEP
  
  6144:1v5zQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFc94:14VOiF1WD7kE1dTYOi8V5u23zmWFy4
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy