gh0strat | 16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba | Triage

Submit
Reports

Overview

overview

Static

static

16c48f8bc3...ba.exe

windows7-x64

16c48f8bc3...ba.exe

windows10-2004-x64

Sharing

General

Target

16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba
Size

146KB
Sample

221128-e8l4ysbb2z
MD5

1aa6c0f4e9869aead8511af2c54457cd
SHA1

14244d08470d18da13ec13dbbf00eeadf895638c
SHA256

16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba
SHA512

dff8a6dfda35a8cfed35e0cda10737c7c6eceb7e52d68285c4f0bfe65b6af563c236e3a07b3f87a3b41c4179e8dc37d85f7c1644e0d0540d91bd5323fd0f84ec
SSDEEP

3072:NgEehZ6lngDMYUxHkq15yoY0f4S07tVaTqXuz1KJoZAo5LH5u:NgEehkHkmMoY0xoV00uz1PZAS

Score

10^/10

gh0strat rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba.exe

Resource

win7-20220901-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba
- Size
  
  146KB
- MD5
  
  1aa6c0f4e9869aead8511af2c54457cd
- SHA1
  
  14244d08470d18da13ec13dbbf00eeadf895638c
- SHA256
  
  16c48f8bc347b6ebd65f077a499be8d955a31450573d3758b6983de9924b0eba
- SHA512
  
  dff8a6dfda35a8cfed35e0cda10737c7c6eceb7e52d68285c4f0bfe65b6af563c236e3a07b3f87a3b41c4179e8dc37d85f7c1644e0d0540d91bd5323fd0f84ec
- SSDEEP
  
  3072:NgEehZ6lngDMYUxHkq15yoY0f4S07tVaTqXuz1KJoZAo5LH5u:NgEehkHkmMoY0xoV00uz1PZAS
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy