gh0strat | dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3 | Triage

Submit
Reports

Overview

overview

Static

static

dc2816f767...f3.exe

windows7-x64

dc2816f767...f3.exe

windows10-2004-x64

3

Sharing

General

Target

dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3
Size

6.0MB
Sample

221126-mflayshg43
MD5

1520929520d7c2d34274ddfd2f5c709a
SHA1

8e13ea6377f01771b3ef0d6fcbf39752efbc586b
SHA256

dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3
SHA512

7e3f953546093b19284fd3b348d547d3813370e41e434984cc8fc023e87a858b078fafea257cc7011450be4ebfdba963f5a457baba319acdd641c6f8833680b7
SSDEEP

196608:87YM5dMDo+aSaAMuKJhyYPij6NmmHK5CV4kCF9H:87DdK5aFUWNpq5443r

Score

10^/10

gh0strat rat vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3.exe

Resource

win7-20220812-en

gh0strat rat vmprotect

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3
- Size
  
  6.0MB
- MD5
  
  1520929520d7c2d34274ddfd2f5c709a
- SHA1
  
  8e13ea6377f01771b3ef0d6fcbf39752efbc586b
- SHA256
  
  dc2816f7672a5d35ea2ca96b41ffb438e59d2d86d78214feb8887f77830e4bf3
- SHA512
  
  7e3f953546093b19284fd3b348d547d3813370e41e434984cc8fc023e87a858b078fafea257cc7011450be4ebfdba963f5a457baba319acdd641c6f8833680b7
- SSDEEP
  
  196608:87YM5dMDo+aSaAMuKJhyYPij6NmmHK5CV4kCF9H:87DdK5aFUWNpq5443r
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratratvmprotect

behavioral2

© 2018-2024

Terms | Privacy