gh0strat | 0a0e8adfebfd5c9afce928317436c55a76899784a27732ca85c8ee3770958f04 | Triage

Submit
Reports

Overview

overview

Static

static

WhatsApp.exe

windows7-x64

WhatsApp.exe

windows10-2004-x64

7

Sharing

General

Target

WhatsApp.exe
Size

125.9MB
Sample

221123-grmehada57
MD5

b08f87a129d8ba46118db20d60a63774
SHA1

a6085e9a60d9231dc912e3b58ef59233a180cec9
SHA256

0a0e8adfebfd5c9afce928317436c55a76899784a27732ca85c8ee3770958f04
SHA512

49334580207309b49c583064aa27676076f94bf1499bf47cc5b2ecd794f9fd979d60e9db4d2bcfd007db2dcdf7ca4546f374b390a0544cae2ec8e87584a5f90f
SSDEEP

3145728:fWHvJqjZrei7ilhjNRR87Z95jCyK7n3tO29oHhD1Im9FzkuQ:SmZreieZRRGbWylBD1x9Zy

Score

10^/10

gh0strat evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

WhatsApp.exe

Resource

win7-20220901-en

gh0strat evasion rat trojan

windows7-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

WhatsApp.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  WhatsApp.exe
- Size
  
  125.9MB
- MD5
  
  b08f87a129d8ba46118db20d60a63774
- SHA1
  
  a6085e9a60d9231dc912e3b58ef59233a180cec9
- SHA256
  
  0a0e8adfebfd5c9afce928317436c55a76899784a27732ca85c8ee3770958f04
- SHA512
  
  49334580207309b49c583064aa27676076f94bf1499bf47cc5b2ecd794f9fd979d60e9db4d2bcfd007db2dcdf7ca4546f374b390a0544cae2ec8e87584a5f90f
- SSDEEP
  
  3145728:fWHvJqjZrei7ilhjNRR87Z95jCyK7n3tO29oHhD1Im9FzkuQ:SmZreieZRRGbWylBD1x9Zy
Score

10^/10

gh0strat evasion rat trojan
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratevasionrattrojan

behavioral2

© 2018-2024

Terms | Privacy