gh0strat | a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2 | Triage

Submit
Reports

Overview

overview

Static

static

a09ca26f20...d2.exe

windows7-x64

1

a09ca26f20...d2.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2
Size

23KB
Sample

221205-l4xhfsdc6v
MD5

f77cfbe18541b4caab96038cf7e3afaa
SHA1

1ed8f61d66be5f3f9977987e489ef8192d5eae9d
SHA256

a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2
SHA512

04d334f5558ddac0716c42b560948945b84a61640da448d657abed758eff7ce046c6297608243a3a5fa7d58e384cf3ca17b4fa947d7291438f454b98bd78af62
SSDEEP

384:U2WW6Vid5eR3KyhU1M4DGPhCasZKjKj39/EggzGBkSwxk:FcidU9KyhaM4DGIZKjKj9MPgkA

Score

10^/10

gh0strat rat

Static task

static1

Behavioral task

behavioral1

Sample

a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2
- Size
  
  23KB
- MD5
  
  f77cfbe18541b4caab96038cf7e3afaa
- SHA1
  
  1ed8f61d66be5f3f9977987e489ef8192d5eae9d
- SHA256
  
  a09ca26f20b2157dfb6b8210d1da2fcf7c970356136ddae0eb2a5691021f9bd2
- SHA512
  
  04d334f5558ddac0716c42b560948945b84a61640da448d657abed758eff7ce046c6297608243a3a5fa7d58e384cf3ca17b4fa947d7291438f454b98bd78af62
- SSDEEP
  
  384:U2WW6Vid5eR3KyhU1M4DGPhCasZKjKj39/EggzGBkSwxk:FcidU9KyhaM4DGIZKjKj9MPgkA
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy