gh0strat | f30033ff14c739dc2b8ba2e0e9c8fb16740565f52851e5081472f8ac5170a408 | Triage

Sharing

General

Target

f30033ff14c739dc2b8ba2e0e9c8fb16740565f52851e5081472f8ac5170a408
Size

60KB
Sample

221128-d7ah4acb25
MD5

e9255d225da8512296c2e6181b1c3c45
SHA1

eb5a1cee08024cf245e544085857400dc5ee9b44
SHA256

f30033ff14c739dc2b8ba2e0e9c8fb16740565f52851e5081472f8ac5170a408
SHA512

21905c555a8740f448658508d275a0a11106a19c5186e79aefcec48496296d3e18ae55fab7e2a5aab6beacf9f702c29195a49310110800e76030faf983f093bb
SSDEEP

1536:e4xAWfPAZD3CKRihqWcqKhXe+M8fdgcu5ML:BJfPAZFqq/qKhXeR8lgS

Score

10^/10

gh0strat aspackv2 persistence rat

Malware Config

Targets

- Target
  
  f30033ff14c739dc2b8ba2e0e9c8fb16740565f52851e5081472f8ac5170a408
- Size
  
  60KB
- MD5
  
  e9255d225da8512296c2e6181b1c3c45
- SHA1
  
  eb5a1cee08024cf245e544085857400dc5ee9b44
- SHA256
  
  f30033ff14c739dc2b8ba2e0e9c8fb16740565f52851e5081472f8ac5170a408
- SHA512
  
  21905c555a8740f448658508d275a0a11106a19c5186e79aefcec48496296d3e18ae55fab7e2a5aab6beacf9f702c29195a49310110800e76030faf983f093bb
- SSDEEP
  
  1536:e4xAWfPAZD3CKRihqWcqKhXe+M8fdgcu5ML:BJfPAZFqq/qKhXeR8lgS
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat