gh0strat | 99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

99069ca7ac...dc.dll

windows7-x64

99069ca7ac...dc.dll

windows10-2004-x64

Sharing

General

Target

99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc
Size

932KB
Sample

221205-wkcztafd91
MD5

613c1b13ccc2e6f798c54c1acf053880
SHA1

5535fb1b8f77b4bb9dd19aeb99f8ca78dca67bc0
SHA256

99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc
SHA512

92a38c2cd4773b737266c31742dd42e32cd086f0652767cdac4ed562faa26e9fcff8d8cb3426a37cc3b5d6d7dee76b9fec10b592c9d1518f7ad340b77ac47d7e
SSDEEP

12288:nmv2qPjNvAUUGu7vNOjwQCEGnSe/QdF/nDAuWkgUrNgnvvP9bcMrhtMmyKz2J8fP:nmvvjNFqg8x/Qd5JgUSnHx31ahKz2a

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc.dll

Resource

win7-20220812-en

gh0strat rat vmprotect

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc.dll

Resource

win10v2004-20220812-en

gh0strat rat vmprotect

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc
- Size
  
  932KB
- MD5
  
  613c1b13ccc2e6f798c54c1acf053880
- SHA1
  
  5535fb1b8f77b4bb9dd19aeb99f8ca78dca67bc0
- SHA256
  
  99069ca7ac4c2ec68a1d8cb9527e0d435323c915ade1b3d1bb6cc89a6c5709dc
- SHA512
  
  92a38c2cd4773b737266c31742dd42e32cd086f0652767cdac4ed562faa26e9fcff8d8cb3426a37cc3b5d6d7dee76b9fec10b592c9d1518f7ad340b77ac47d7e
- SSDEEP
  
  12288:nmv2qPjNvAUUGu7vNOjwQCEGnSe/QdF/nDAuWkgUrNgnvvP9bcMrhtMmyKz2J8fP:nmvvjNFqg8x/Qd5JgUSnHx31ahKz2a
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratratvmprotect

behavioral2

gh0stratratvmprotect

© 2018-2025

Terms | Privacy