gh0strat | a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9 | Triage

Submit
Reports

Overview

overview

Static

static

a754b241d6...b9.exe

windows7-x64

a754b241d6...b9.exe

windows10-2004-x64

Sharing

General

Target

a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9
Size

152KB
Sample

221128-gkrqmsef9z
MD5

6cd0fe95a1bb5751717bd2b3d828c515
SHA1

c88b7eafd039d9152e4d758f6e515176a3ba8c25
SHA256

a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9
SHA512

d1dd8ae6996595f6dceaf22bee88c85180e644036f40ba4d62b38073a2d8c1a9446cda660367ae1b375c65ecf4e647946974d32ae882085d26ce0e514b1d8190
SSDEEP

3072:LwF8T0PAmr9B4NgVjGt1rOikGML7oCmFZKnbmLLLUF:8FCqxB4Ng9GLjcoCmFJLXUF

Score

10^/10

gh0strat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9.exe

Resource

win7-20221111-en

gh0strat persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9.exe

Resource

win10v2004-20221111-en

gh0strat persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9
- Size
  
  152KB
- MD5
  
  6cd0fe95a1bb5751717bd2b3d828c515
- SHA1
  
  c88b7eafd039d9152e4d758f6e515176a3ba8c25
- SHA256
  
  a754b241d602848b7c8847798694abe524adfe6bc1587a83d36756ffd71a51b9
- SHA512
  
  d1dd8ae6996595f6dceaf22bee88c85180e644036f40ba4d62b38073a2d8c1a9446cda660367ae1b375c65ecf4e647946974d32ae882085d26ce0e514b1d8190
- SSDEEP
  
  3072:LwF8T0PAmr9B4NgVjGt1rOikGML7oCmFZKnbmLLLUF:8FCqxB4Ng9GLjcoCmFJLXUF
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Sets file execution options in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2024

Terms | Privacy