gh0strat | 06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00 | Triage

Submit
Reports

Overview

overview

Static

static

06851627ed...00.exe

windows7-x64

06851627ed...00.exe

windows10-2004-x64

Sharing

General

Target

06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00
Size

246KB
Sample

221123-z8aq5shg4s
MD5

8f101545a83a42697b601b49440bfbef
SHA1

b64ae33e3cebf2641134d682c805bf323b2f35b3
SHA256

06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00
SHA512

5b99db995e38c756e72c5d711220acd9c737d20d79a644a163843c60d7794739a740b3c4fd9cf594cece3d4a84e4abdbfc203c75479ba9902ddf91a187928806
SSDEEP

6144:BCvHDbXP2nBfV+SfYzL1FvERa1q6NXtCVanz:BST4BfV+IYzL1FvAa1xnz

Score

10^/10

gh0strat evasion rat

Static task

static1

Behavioral task

behavioral1

Sample

06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00.exe

Resource

win7-20221111-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00.exe

Resource

win10v2004-20220812-en

gh0strat evasion rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00
- Size
  
  246KB
- MD5
  
  8f101545a83a42697b601b49440bfbef
- SHA1
  
  b64ae33e3cebf2641134d682c805bf323b2f35b3
- SHA256
  
  06851627edcc8b9052fb6e96ea89850b2d4ac605f640ac5f36f7afc54f576b00
- SHA512
  
  5b99db995e38c756e72c5d711220acd9c737d20d79a644a163843c60d7794739a740b3c4fd9cf594cece3d4a84e4abdbfc203c75479ba9902ddf91a187928806
- SSDEEP
  
  6144:BCvHDbXP2nBfV+SfYzL1FvERa1q6NXtCVanz:BST4BfV+IYzL1FvAa1xnz
Score

10^/10

gh0strat rat evasion
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Modifies firewall policy service
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratevasionrat

© 2018-2024

Terms | Privacy