gh0strat | c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837

Analysis

max time kernel
165s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 08:56

Target

c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837.exe
Size

59KB
MD5

0b82b73c4ede5e932429d13390e10986
SHA1

be0e935bd6df7e56ffb2b7969fb9bd30751e6411
SHA256

c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837
SHA512

51116fc201a8b14398cad13d55c6fa1c5d30f346379e423d860e9efba10735760ea77c8b46d752e9b9987a45f30eed96737a552cb77cdf88f6cdeeb226785141
SSDEEP

768:gWqBI8kDsasSqzV7hhyEmtq4Z32QSXM34vlgfo2ZxbrSxrglgpohKxvoPz4Z/jfN:gWYk1qzVdhmM4ZkMSQR5SV+bhy7Z/h

Score

10^/10

gh0strat rat upx

Gh0st RAT payload 1 IoCs

resource	yara_rule
behavioral2/memory/3352-133-0x0000000000400000-0x0000000000425000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3352-132-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral2/memory/3352-133-0x0000000000400000-0x0000000000425000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\DwindowsSYS	c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837.exe

C:\Users\Admin\AppData\Local\Temp\c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837.exe
"C:\Users\Admin\AppData\Local\Temp\c2c30ce28decb614028d4790ce1b7d2207ae64c886ba5758ea5694db5bb87837.exe"
1⤵
- Drops file in Program Files directory
PID:3352

memory/3352-132-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3352-133-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download