gh0strat | 822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd | Triage

Submit
Reports

Overview

overview

Static

static

822f4d3551...cd.exe

windows7-x64

1

822f4d3551...cd.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd
Size

94KB
Sample

221129-hntvvafa49
MD5

74a5c99c57508089e2896bc4745e24b7
SHA1

157efdda60aa354f7aa6d24eff32852f5cd0656d
SHA256

822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd
SHA512

e529c45747e95610888f29b2079d82718ca8fb1492c219d66de90d96b91be884b0500368417aee409400db46f0139e79c76c6cd8f729c9b3449cc402fe4f94ef
SSDEEP

1536:9FQwQsiEoa2BhmUB4I+yuDg1uUO2mntP2qZNKHuNMaSJETxmIGykRZhcMePmrOa:9FQwQhEOLfuDg0PtOqzKONqsEykRLSeP

Score

10^/10

gh0strat persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd.exe

Resource

win10v2004-20220901-en

gh0strat persistence rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd
- Size
  
  94KB
- MD5
  
  74a5c99c57508089e2896bc4745e24b7
- SHA1
  
  157efdda60aa354f7aa6d24eff32852f5cd0656d
- SHA256
  
  822f4d3551d9cefd1c22278b7a2fc08b93fe9dce0c97c7c36fcdb0dc384a42cd
- SHA512
  
  e529c45747e95610888f29b2079d82718ca8fb1492c219d66de90d96b91be884b0500368417aee409400db46f0139e79c76c6cd8f729c9b3449cc402fe4f94ef
- SSDEEP
  
  1536:9FQwQsiEoa2BhmUB4I+yuDg1uUO2mntP2qZNKHuNMaSJETxmIGykRZhcMePmrOa:9FQwQhEOLfuDg0PtOqzKONqsEykRLSeP
Score

10^/10

gh0strat persistence rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpersistenceratupx

© 2018-2025

Terms | Privacy