gh0strat | a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb | Triage

Submit
Reports

Overview

overview

Static

static

a3e13cca21...bb.exe

windows7-x64

a3e13cca21...bb.exe

windows10-2004-x64

Sharing

General

Target

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
Size

131KB
Sample

221121-vv729sah33
MD5

132521e6203dbcbf830c1dde49b35581
SHA1

d9f1508c6a25f8b419e509e6e98a4ac3aec9227a
SHA256

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
SHA512

8c43617b5b910db7cbed4bdd50e635d04e2406a29829292583a803f8d6574144eddd9d6fa67b91df9c0b4a338113e2bf8b2324f9c374b9760cfd09b2135db1a9
SSDEEP

3072:gu+/qlgByBTEur7VsuRh/DBiE/8bNJFXDccx+tJdnJ0:g5DyBTE0V1LDw5N3TccqJdnJ0

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb.exe

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb.exe

Resource

win10v2004-20221111-en

gh0strat persistence rat

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
- Size
  
  131KB
- MD5
  
  132521e6203dbcbf830c1dde49b35581
- SHA1
  
  d9f1508c6a25f8b419e509e6e98a4ac3aec9227a
- SHA256
  
  a3e13cca212a128196d179e2cabff48c45e8ac9139fb2288cbdc11901cbec4bb
- SHA512
  
  8c43617b5b910db7cbed4bdd50e635d04e2406a29829292583a803f8d6574144eddd9d6fa67b91df9c0b4a338113e2bf8b2324f9c374b9760cfd09b2135db1a9
- SSDEEP
  
  3072:gu+/qlgByBTEur7VsuRh/DBiE/8bNJFXDccx+tJdnJ0:g5DyBTE0V1LDw5N3TccqJdnJ0
Score

10^/10

gh0strat rat persistence
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpersistencerat

© 2018-2024

Terms | Privacy