gh0strat | 77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59 | Triage

Submit
Reports

Overview

overview

Static

static

77dec6eacd...59.dll

windows7-x64

77dec6eacd...59.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59
Size

52KB
Sample

221205-qsqmzshc6v
MD5

925fd7154aa102b5a8dfc67398cc1ab0
SHA1

ea7dfbcf10302ae16615345d75e8f8a33c5b0a09
SHA256

77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59
SHA512

0735e7edc8d5e64a1364e582893288984ec1a8b1b0afc9ec0eea962201e214e39b705266fe21755866be4d93842f9544ffe98ad9e431345d4f2503f8ec2c9687
SSDEEP

1536:m3igsUUqNzUVVMtR8fE0xwqJavr9R1sOITDcU:mygfUqLv88awk49R1/wDL

Score

10^/10

gh0strat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59.dll

Resource

win7-20221111-en

gh0strat persistence rat

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59
- Size
  
  52KB
- MD5
  
  925fd7154aa102b5a8dfc67398cc1ab0
- SHA1
  
  ea7dfbcf10302ae16615345d75e8f8a33c5b0a09
- SHA256
  
  77dec6eacdfd2dcd5d6a18804c8f385b0d838e620a9031b3e0ee659bf97afa59
- SHA512
  
  0735e7edc8d5e64a1364e582893288984ec1a8b1b0afc9ec0eea962201e214e39b705266fe21755866be4d93842f9544ffe98ad9e431345d4f2503f8ec2c9687
- SSDEEP
  
  1536:m3igsUUqNzUVVMtR8fE0xwqJavr9R1sOITDcU:mygfUqLv88awk49R1/wDL
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

© 2018-2025

Terms | Privacy