gh0strat | 576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da | Triage

Submit
Reports

Overview

overview

Static

static

576b722806...da.exe

windows7-x64

576b722806...da.exe

windows10-2004-x64

Sharing

General

Target

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
Size

164KB
Sample

221204-v5gm3aef7s
MD5

27cec1668216473595fee2f28bd45a70
SHA1

955f96f7e0b289f37afab359504505a84f75bb45
SHA256

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
SHA512

d0e1b022c800598d7680c645927e1eb5621a1356b5697b8824a27f1babca2a48d295906738322f9edf45851f1b4f2bdf4b0771eefb5167460e13b8048c5cabbc
SSDEEP

3072:brpO1VLtIpDmLx8nvbeJXTGoxQpyTDm8PSkNLNs+9+J34:br4LS6ObyX6StTSsSkdE3

Score

10^/10

gh0strat rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da.exe

Resource

win7-20220901-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
- Size
  
  164KB
- MD5
  
  27cec1668216473595fee2f28bd45a70
- SHA1
  
  955f96f7e0b289f37afab359504505a84f75bb45
- SHA256
  
  576b7228060f83db6e520e306cb31146a382cf4d3a980a59c4a68c8aefc0b8da
- SHA512
  
  d0e1b022c800598d7680c645927e1eb5621a1356b5697b8824a27f1babca2a48d295906738322f9edf45851f1b4f2bdf4b0771eefb5167460e13b8048c5cabbc
- SSDEEP
  
  3072:brpO1VLtIpDmLx8nvbeJXTGoxQpyTDm8PSkNLNs+9+J34:br4LS6ObyX6StTSsSkdE3
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy