gh0strat | ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1 | Triage

Submit
Reports

Overview

overview

Static

static

ae71716ca5...a1.dll

windows7-x64

ae71716ca5...a1.dll

windows10-2004-x64

Sharing

General

Target

ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1
Size

105KB
Sample

221204-v46kssef4s
MD5

f130b2a825263b2766f3c5108270ab0d
SHA1

3de865d14cebf181e3ab9cda3c8929dc7e447454
SHA256

ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1
SHA512

deb0a8e0e44008c9f194140114bdd5ce4f009d1188c623a7b4cc4ae9caf33db05b0da8043addb54bd3803f9712b1d020fa64cfae7b2383e894625b4cf6e13782
SSDEEP

3072:BvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwu1Uq:N8tA1fYmFEX2ZuwuC

Score

10^/10

gh0strat rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1.dll

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1
- Size
  
  105KB
- MD5
  
  f130b2a825263b2766f3c5108270ab0d
- SHA1
  
  3de865d14cebf181e3ab9cda3c8929dc7e447454
- SHA256
  
  ae71716ca5e7b8aeba987591ea74a011afc97b2ea188014225b8a6a8ef1ecaa1
- SHA512
  
  deb0a8e0e44008c9f194140114bdd5ce4f009d1188c623a7b4cc4ae9caf33db05b0da8043addb54bd3803f9712b1d020fa64cfae7b2383e894625b4cf6e13782
- SSDEEP
  
  3072:BvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwu1Uq:N8tA1fYmFEX2ZuwuC
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy