gh0strat | 69250fa69361dac5d4fbf9610b44b7d2c8363147650c82227702650a55571176 | Triage

Sharing

General

Target

69250fa69361dac5d4fbf9610b44b7d2c8363147650c82227702650a55571176
Size

522KB
Sample

221203-3p4fwsfh23
MD5

b61e9f3b31767d617ed440d9cc5956b0
SHA1

2e6eba0c0daffd742d122a475c5ef669a028fb99
SHA256

69250fa69361dac5d4fbf9610b44b7d2c8363147650c82227702650a55571176
SHA512

732fb6c50f99a9c6871406fbc0a51c16da789e39303e77c8ab42aa997b5f253842784073373f3887da9e12a8c77540227b456657b9d19ee90a33b7f4b90cf05a
SSDEEP

12288:QKDzbQPODXQEdr8obMJQa+rP5xRDGoCnWaRcXLu73B:QK3kPOfr8obSQaOPFqxTma73B

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  server.exe
- Size
  
  103KB
- MD5
  
  9a5abb4d312e6b446c4da0be25b6ac24
- SHA1
  
  2789ef53a8dbcc76919228da60ec522d0d82973f
- SHA256
  
  13c02d1923cbf2ed90e85200441eaaf928b695a2e0c93cba70f437f9caca2126
- SHA512
  
  8833ab9aab116df77a5a1de3778732de4046c0e210edb10fee0f3668902f292e1aad0316aa74a72bb04704e793abbb727e5e9b618a120f0abcfbf60deae0ee7f
- SSDEEP
  
  3072:E7GSysSkscXNOpMWkJZkTT46235IOZ43D:E7GSysJOpOkTT467
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  ��~1.EXE
- Size
  
  532KB
- MD5
  
  13c9c8a3c9cf8da268040475ca343721
- SHA1
  
  ce08fcacf580b67a43d578b856ebc2ab447bb1dd
- SHA256
  
  9838a38280e92938c4c37ee72f1af552070064b3aae09fa24c51091cf50fbd04
- SHA512
  
  9391fbcbb4c2e10bb71a4901aba997892064e1a09691c6d963e16cced8ebf88cf0b8f2f682cdc1a7139326a43c53a11066c815c6604e824a807afebc875280fa
- SSDEEP
  
  12288:EQbP8GQPfrlUTSPWvSkWv8Hk7OuiJ2VSw9rPZKvrNnpMo:EQwGyrSWWvSkWok71isSwNPgvppMo
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

behavioral3

behavioral4