gh0strat

Sharing

Copy URL

Twitter E-mail

General

Target

dfe88c225ba76e233c2dced11d32b3cf994466692dd8ab85be655907231e8acb
Size

15.7MB
Sample

221201-svhfhafc9w
MD5

e792daa9d40602b73922dde791838fca
SHA1

216f5408ba0c0311eb80d3b363f223a415f3e4d5
SHA256

dfe88c225ba76e233c2dced11d32b3cf994466692dd8ab85be655907231e8acb
SHA512

87a0721a2b821699f0166d843546c046a8b447573e0cf0641467f2f29e5d9ee873adb9bb0554335d097e749d860a5816683d3bee2ed111cd9215ecd62c7bd83c
SSDEEP

393216:esF7op6SGg62vw3RXizVcLNiEaeBQZNJCXoPOJLFq65:rF7q6WnhINyrNYYPOJLFqw

Score

10^/10

Malware Config

Targets

- Target
  
  GO.bat
- Size
  
  137B
- MD5
  
  8264f4bd08db9af12005e4e66a739665
- SHA1
  
  f970a0ad03851d560e0f9d75fd090e3ecfb47223
- SHA256
  
  80e5bf0422071cb008a580ef851b901388ea521d7d3e62c6425f3e0fdf7b802a
- SHA512
  
  5b5c411b4e4da951ec4aea4b71343d19f28c340f2394bfaf8fa53a2be1ec42a44d029693b47b6b9f22e64b4962655a10de752fa6b3b2fbc23161656d18196eec
Score

1^/10
behavioral1 behavioral2
- Target
  
  GO1.BAT
- Size
  
  686B
- MD5
  
  f12a54ae1b6d9cd13308ae482de0740b
- SHA1
  
  e4c724dc0a15b9df9ff5f8ff7791bab09c7b7a52
- SHA256
  
  fee8839f9603e47e8da81324c3b35c0966b0b0acb93a7d8962573308abb3be45
- SHA512
  
  c877089099680fde6f4793b4cddf93c3f0a43269f2cb42deaab88777b25bccfe39c0fb6667690fd67dd637418df76e15ff0d1ea8e28d300c953967602f95a040
Score

1^/10
behavioral3 behavioral4
- Target
  
  QQ565862362.BAT
- Size
  
  748B
- MD5
  
  57e78eb83c4e726e25ea1b98efbbc944
- SHA1
  
  a597c6bc62911ae2e88d2fdd4a5c05528ab896cf
- SHA256
  
  5b2a1b483b2d8938b9c28ef1be4e02ed93d905e38a13ef88285fb9314f6aafaa
- SHA512
  
  26e3474fc631eb49094454001379a575cbaf3ff9a4ca02b5692bf9f055cccdd35cefd75a3c4bbb96ba96e63a07385eb98c2a6954872516eff7cef6138041a006
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  QQ565862362.exe
- Size
  
  9KB
- MD5
  
  523d5c39f9d8d2375c3df68251fa2249
- SHA1
  
  d4ed365c44bec9246fc1a65a32a7791792647a10
- SHA256
  
  20e3dc90a3e83b6202e2a7f4603b60e5e859639cb68693426c400b13aaeabd78
- SHA512
  
  526e1bba30d03f1ac177c6ab7409187a730969c429cebef15da68ffcf44b3b93227781eebc827b2f7a0fa17c391e00a0e532263fd0167aeaeb0456f96cfe3ae4
- SSDEEP
  
  192:8g+i1VkHYXYxKTUtmPeQpLMFnlI1cTtYiAxHbDq/MR9tpL2OMoUwGCfpAGdDeqVs:LLXYxKTUtmPeQpLMFnCQHAx7D0MnKOMJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  QtCore4.dll
- Size
  
  1.5MB
- MD5
  
  abf1f45b4fa467b830f091cf96d82586
- SHA1
  
  ec9318507eca589b892b91fea1eecf58c4fb2deb
- SHA256
  
  f62805feb8e855e9678e4de36282b5c4093b56c0eb0bcfe85a51bacae7507a1b
- SHA512
  
  2a98cbe2bb859fe9ab22a367348d1add6b56a2b972505b4db15bec6b3a1b9d7c8ce61bf5f08fb6049f5c0805fa86bf307b15b79e2343f89bcc1e6b2bce5710a1
- SSDEEP
  
  49152:SXLgL2/LdCtK6lfkU/KpYPwnfblBTOoi16654:SXLhItKycUenfA
Score

3^/10
behavioral10 behavioral9
- Target
  
  QtGui4.dll
- Size
  
  5.3MB
- MD5
  
  21e38b4a1f28bdef99d1c7dac5dce164
- SHA1
  
  434cfe88857a09c02932b924fcb505bd8f92f387
- SHA256
  
  1f84cb0697402cf9380e837a6d26f79ec8499103497b37e7ba978c87211bd29b
- SHA512
  
  e3397d61987d4c8473318f0a6b1fa6117bcbc40ba1d5d571dc6f976b50a27775b1af494395378ff41871a6496c4132e5414bf95baa7bcf158eb4409c6103cda6
- SSDEEP
  
  98304:5HRjS++1USBmNbYEUDVjpa8pni+5eftfO7Ri:5HRjS++6SUmEEjgamW7R
Score

3^/10
behavioral11 behavioral12
- Target
  
  libeay32.dll
- Size
  
  992KB
- MD5
  
  cdbdef73515997355e81a99421c1d721
- SHA1
  
  ac95779820fe537ff93eb40aaac490148762a76c
- SHA256
  
  eefcf44cc4252ac145b2ac34d770e4ea69b5b0309bf722669b13a1e0f877560f
- SHA512
  
  a76f9ec2bc382d352932e3d98f08be7a997819c9ef78cb3c70fc7aa8ad45597d15e39d7168ae047f4f5cd05460e3a4ac8ba28243abedf42a3d2dc7bdf25c9f8c
- SSDEEP
  
  12288:BQP2QVbf1xk9IrENzgCu2HBh/iKapdCdkEMbTL+BhpiG2/ul/y:BkzkCIw23i5pQduTLahpR2/ul/y
Score

1^/10
behavioral13 behavioral14
- Target
  
  msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10
behavioral15 behavioral16
- Target
  
  smss..exe
- Size
  
  272KB
- MD5
  
  0ed81dffe9ea43db57e4905754a96b94
- SHA1
  
  55797306c4ab7436fdf29a8bf4e4f377e222f8ba
- SHA256
  
  1bee4dd36b336572d4f5e0c5917d042a9cd27935f6e8c75b08a36ac489e529fd
- SHA512
  
  5b10a2aef370b5811dac977267c8a4fe5489b8632d18b428cb4fcdbd3502627eacdb231708d36629fa632f2f1b80d50a221e87c7ea251f03ffca1c989b02915f
- SSDEEP
  
  6144:edA0RhQfDkDKLfyw9Ekzq1HjYpVxj31nSHvOa7NSnS7:Ch0ym
Score

1^/10
behavioral17 behavioral18
- Target
  
  ssleay32.dll
- Size
  
  192KB
- MD5
  
  6c06fb9e1d818fde8d142ee180a65646
- SHA1
  
  96fa129d753d27687525801df696fd900dcdfce0
- SHA256
  
  f07ce36b11699b2faa37e2604a49d33db7528262e8bb782a96e7cb2a3e18aa1c
- SHA512
  
  716fe41c32d0185105c9df2a0cbed8582efe1b024bf23d9b85cd527204a2694c87b2cc7ab389d64e0ee58a8a893124672f4d10ca50034833c796bfb042b99e4b
- SSDEEP
  
  3072:r4UwVU297qMHzCpH2nwCKGJ5RUV/l2yzb7lD93hTEUjQBV7uFoavapQ/wM:rY9rHzCV2wdGJ5PMb7lB3bQBSvap
Score

1^/10
behavioral19 behavioral20
- Target
  
  ϯ.BAT
- Size
  
  595B
- MD5
  
  3133c77a6f5df35363a07926bca5f4a2
- SHA1
  
  77d360c46c9122f982388cedd8919c377d4eb9b9
- SHA256
  
  0f640e1dbd068ba6911886f05d5d50e17214dad76a85e994c457b1bbeb449cbe
- SHA512
  
  6d71ff7ef03b971b6870207fb7dd017b01b5f56c75654e6044b643d6b17e2f7ff5f5e89da25a2e0928830facfacfc05780727aa40f4ffce9eff70d4ee8494a66
Score

1^/10
behavioral21 behavioral22
- Target
  
  143.exe
- Size
  
  89KB
- MD5
  
  f8cd7187660c150aeefdd8b9b94b754f
- SHA1
  
  da5b680e3d87f2be5bc7a9e33a221253762a2f1b
- SHA256
  
  9604a2c330c32ea1a7490aaa7bdf276ac92b806cdb11b008c6d6bcad9e59aa0b
- SHA512
  
  5671307a0804119e99e83eb205d729c83521bad4dc8c1e1d3b59fec79a268defe42874e646da7ba4fa80bbf4aada05ad9d18227c8bc02d7a1e0958e84b620a2d
- SSDEEP
  
  1536:40IyvkU5Dui8Iao7bRu1xBAkKPbgexuzTG6R5AJTFB2j1OyjjEaRjIx08PI:40IXuuiRao7o1jTOPkiB2xOyvEgIx0uI
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  1433.exe
- Size
  
  89KB
- MD5
  
  5aba57f11f1176d0a81dc28af9e77bdc
- SHA1
  
  efd087836b0bdd281b984bde113ab7f234cb38da
- SHA256
  
  4cc6f99c47bac7dd9f849aed8b0509511d5015efc80a284ba9a66cc60a36a559
- SHA512
  
  12ff3484fd7cfa6f290159a32e689f5130932806b4b2ccedae888eff30f420686ebefcdf5bb3e1013257830fc64f925cd26f776855ffb0b48465de64420ed59d
- SSDEEP
  
  1536:A9IywkUpmqyz2Wq9/lwiMbtzW56lq1eFd6+BHy7dHc4uNg/t4Bu6:A9IYiy6bjkDkMvHB8cj46
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral25 behavioral26

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Gh0st RAT payload

Executes dropped EXE

Deletes itself

Loads dropped DLL

Drops file in System32 directory

Gh0st RAT payload

Gh0strat

Executes dropped EXE

Deletes itself

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26