gh0strat | daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5

Analysis

max time kernel
151s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:00

Target

daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5.exe
Size

128KB
MD5

715c63cf424c0c55976a3aca04f3daec
SHA1

58a2ff63947b92634d112933c1b2936e867f61dc
SHA256

daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5
SHA512

39fa25efc278fbac736bc68e7cd0128a264560d592c687dcce426e19147107cfa3fbdd137acfb47f3580b8c60dd9c6acef04e5d957235458b40cba5f894a05d3
SSDEEP

3072:G6ZIGupNGmWpNL8NfuctpPRsQG4+SYBNQnHIu25i/rr:VZITNGHnL8pDHGfrBCHIu24/v

Score

10^/10

gh0strat rat

Gh0st RAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/1480-55-0x0000000010000000-0x000000001001C000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1480	daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5.exe
1480	daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5.exe

C:\Users\Admin\AppData\Local\Temp\daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5.exe
"C:\Users\Admin\AppData\Local\Temp\daae069f04f6413b5c22fd39d7d92b53e566214818179c47ca90193dcda323e5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1480

memory/1480-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/1480-55-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download