gh0strat | fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847 | Triage

Submit
Reports

Overview

overview

Static

static

fee774f79d...47.exe

windows7-x64

fee774f79d...47.exe

windows10-2004-x64

3

Sharing

General

Target

fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847
Size

87KB
Sample

221124-tv917afa69
MD5

c2ef013707397633685a7940345a0bc3
SHA1

62a401c181ae51e4d715917cf9b6e0c1c76f7717
SHA256

fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847
SHA512

ed0bbe88cfa388e2021cae1fb1cabeb5c82526cf8b250a4b38823773c6940eec6f50781a22f40574497b8605dd170b3a48b0c76bd9e3912c1e09ac9c25035331
SSDEEP

1536:5s493aIiVgGsfpia7/trh1Uxyv+3UUMFNTfJBAL/4fjLmTCJgfDbaZJ:W493apEpia7j1QUKNEfJCj4f2y6baH

Score

10^/10

gh0strat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847.exe

Resource

win7-20220812-en

gh0strat persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847
- Size
  
  87KB
- MD5
  
  c2ef013707397633685a7940345a0bc3
- SHA1
  
  62a401c181ae51e4d715917cf9b6e0c1c76f7717
- SHA256
  
  fee774f79df0f33f8f77faf40e790c0321e92c11d3c3ee1bfc4ecb0783b95847
- SHA512
  
  ed0bbe88cfa388e2021cae1fb1cabeb5c82526cf8b250a4b38823773c6940eec6f50781a22f40574497b8605dd170b3a48b0c76bd9e3912c1e09ac9c25035331
- SSDEEP
  
  1536:5s493aIiVgGsfpia7/trh1Uxyv+3UUMFNTfJBAL/4fjLmTCJgfDbaZJ:W493apEpia7j1QUKNEfJCj4f2y6baH
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

© 2018-2024

Terms | Privacy