gh0strat | 732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42 | Triage

Submit
Reports

Overview

overview

Static

static

732eae4c7b...42.exe

windows7-x64

732eae4c7b...42.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42
Size

370KB
Sample

221029-3vckcschfn
MD5

a374a417822d4f392abd314bde85b630
SHA1

b3f0dcdcd0188de2c90f29acd57b272d7fea7813
SHA256

732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42
SHA512

8d4fab50da0b6597737f69236f05b835293ae9447a33989bc98f62e970030292c93a1ebc64bbbed3153280ae8dba8b99c98a78e10b46aa8ae5372b255683976b
SSDEEP

3072:mxjMQVacnG3icUkYdT45/NEGI/Lc+EINkzT1diLUEuBfYcORtwikwiWAD:mxjlVJnQiGP/evc2gT1Wcx

Score

10^/10

gh0strat persistence rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42.exe

Resource

win7-20220812-en

gh0strat persistence rat upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42.exe

Resource

win10v2004-20220901-en

gh0strat persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42
- Size
  
  370KB
- MD5
  
  a374a417822d4f392abd314bde85b630
- SHA1
  
  b3f0dcdcd0188de2c90f29acd57b272d7fea7813
- SHA256
  
  732eae4c7b7ffd607596f0804530c1e617dc6d7f37f3b6ecc722f273e090ef42
- SHA512
  
  8d4fab50da0b6597737f69236f05b835293ae9447a33989bc98f62e970030292c93a1ebc64bbbed3153280ae8dba8b99c98a78e10b46aa8ae5372b255683976b
- SSDEEP
  
  3072:mxjMQVacnG3icUkYdT45/NEGI/Lc+EINkzT1diLUEuBfYcORtwikwiWAD:mxjlVJnQiGP/evc2gT1Wcx
Score

10^/10

gh0strat persistence rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistenceratupx

behavioral2

gh0stratpersistenceratupx

© 2018-2025

Terms | Privacy