gh0strat | 18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029 | Triage

Submit
Reports

Overview

overview

Static

static

18d7921b96...29.exe

windows7-x64

18d7921b96...29.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029
Size

80KB
Sample

221124-natktaab53
MD5

1e127144782bdc5dc35b52d8bc1f0662
SHA1

d30a1e183e02d1927de38e313dc67a82201e05a8
SHA256

18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029
SHA512

454c48cd2375132a742936428c02ed362dcfe981da5eaabd449fa1635bbe49b3717e6cb64d631bffe4657813e06b44af6473def01bee8bba74a9e37d617a10ee
SSDEEP

1536:sFz0LnC0atiq+9Cc73McaTBFb0bJ+oa/xrpnHTlyojsjxNe22JjIHM:sFz90hq+Yc7Hf4oa5r5sojsj+oM

Score

10^/10

gh0strat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029.exe

Resource

win7-20221111-en

gh0strat persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029.exe

Resource

win10v2004-20221111-en

gh0strat persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029
- Size
  
  80KB
- MD5
  
  1e127144782bdc5dc35b52d8bc1f0662
- SHA1
  
  d30a1e183e02d1927de38e313dc67a82201e05a8
- SHA256
  
  18d7921b96a2a301b2a7be56ed9d8a46eebe26efb808211592f208c512c3e029
- SHA512
  
  454c48cd2375132a742936428c02ed362dcfe981da5eaabd449fa1635bbe49b3717e6cb64d631bffe4657813e06b44af6473def01bee8bba74a9e37d617a10ee
- SSDEEP
  
  1536:sFz0LnC0atiq+9Cc73McaTBFb0bJ+oa/xrpnHTlyojsjxNe22JjIHM:sFz90hq+Yc7Hf4oa5r5sojsj+oM
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy