gh0strat | 8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c | Triage

Submit
Reports

Overview

overview

Static

static

8e901beac6...9c.exe

windows7-x64

8e901beac6...9c.exe

windows10-2004-x64

Sharing

General

Target

8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c
Size

722KB
Sample

221204-lsbrlscb4s
MD5

9be442891bd72dc1366679801d206564
SHA1

053cae29109bd52c9c18b99c9842ed9015b02f5e
SHA256

8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c
SHA512

52aa440b1d3ae19afd647bc39bcd5c2942a58fdbfc60e18b1d850b8fbfec4b6a8aa9d42d6d35fe4a2c3e8f77215c20a7a6270d4469b93dcc41bd8d9bb4a1c186
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZDHANUTNX:iM5j8Z3aKHx5r+TuxX+IwffFZ3

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c.exe

Resource

win7-20221111-en

gh0strat persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c.exe

Resource

win10v2004-20220901-en

gh0strat persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c
- Size
  
  722KB
- MD5
  
  9be442891bd72dc1366679801d206564
- SHA1
  
  053cae29109bd52c9c18b99c9842ed9015b02f5e
- SHA256
  
  8e901beac61fbe50677b14fe064528be893f92816e0cced3cc75058082fb129c
- SHA512
  
  52aa440b1d3ae19afd647bc39bcd5c2942a58fdbfc60e18b1d850b8fbfec4b6a8aa9d42d6d35fe4a2c3e8f77215c20a7a6270d4469b93dcc41bd8d9bb4a1c186
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZDHANUTNX:iM5j8Z3aKHx5r+TuxX+IwffFZ3
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2024

Terms | Privacy