gh0strat | aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5 | Triage

Submit
Reports

Overview

overview

Static

static

aee781b862...f5.exe

windows7-x64

aee781b862...f5.exe

windows10-2004-x64

Sharing

General

Target

aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5
Size

107KB
Sample

221014-m2ckyacbe9
MD5

460944f39dbfb5a0ba6e970ff38b7f70
SHA1

0dc8f066ea95aad962d85dcc8117e7484a43aeab
SHA256

aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5
SHA512

5cbbfea8bed2ef49b40ed58caf65f41ec1d2cb60b211c92624bf5633daaf3782fc728e64ace6feaa712fe61dffea942747b00e3cd1f232bec865836e4d466fb0
SSDEEP

3072:4FF90hq+Yc7Hf4oa5r5sojsj+oMy+FO/PqYY:49ycc7/4D95sqBFoP

Score

10^/10

gh0strat evasion persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5.exe

Resource

win7-20220901-en

gh0strat persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5.exe

Resource

win10v2004-20220812-en

gh0strat evasion persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5
- Size
  
  107KB
- MD5
  
  460944f39dbfb5a0ba6e970ff38b7f70
- SHA1
  
  0dc8f066ea95aad962d85dcc8117e7484a43aeab
- SHA256
  
  aee781b862d9d6727982d3757fad4bb1bc2f3f0cd3df4c8997cb92a51c642af5
- SHA512
  
  5cbbfea8bed2ef49b40ed58caf65f41ec1d2cb60b211c92624bf5633daaf3782fc728e64ace6feaa712fe61dffea942747b00e3cd1f232bec865836e4d466fb0
- SSDEEP
  
  3072:4FF90hq+Yc7Hf4oa5r5sojsj+oMy+FO/PqYY:49ycc7/4D95sqBFoP
Score

10^/10

gh0strat persistence rat evasion
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Modifies firewall policy service
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratevasionpersistencerat

© 2018-2025

Terms | Privacy