gh0strat | 821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

821ba56198...b2.exe

windows7-x64

821ba56198...b2.exe

windows10-2004-x64

Sharing

General

Target

821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2
Size

113KB
Sample

221106-rthjfafcd6
MD5

0f8750b44e7ac7abf22b3649f8fcaca9
SHA1

95d6f00feab3da4c7d334b1974401d972afdcecc
SHA256

821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2
SHA512

d66916764ced513f8f309f1678e0f988c6fe6ba41bb0a3133d1404bbecce67495f801f76317cc507c9fdc226bab378840f85588ed4ecc1662473c38d05ffa87a
SSDEEP

3072:t7Q8mB+lZ6RUj3g1xjnihO0BmQSiDQGCBTwXDoL:t7Q8uZ+j3y1i0/9iDdCBEXDoL

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2.exe

Resource

win7-20220901-en

gh0strat persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2.exe

Resource

win10v2004-20220812-en

gh0strat persistence rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2
- Size
  
  113KB
- MD5
  
  0f8750b44e7ac7abf22b3649f8fcaca9
- SHA1
  
  95d6f00feab3da4c7d334b1974401d972afdcecc
- SHA256
  
  821ba56198151720b059f01f456381c92ec98e3917fa1104a3b337a04dd14eb2
- SHA512
  
  d66916764ced513f8f309f1678e0f988c6fe6ba41bb0a3133d1404bbecce67495f801f76317cc507c9fdc226bab378840f85588ed4ecc1662473c38d05ffa87a
- SSDEEP
  
  3072:t7Q8mB+lZ6RUj3g1xjnihO0BmQSiDQGCBTwXDoL:t7Q8uZ+j3y1i0/9iDdCBEXDoL
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy