gh0strat | a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a15ee6f25d...50.exe

windows7-x64

a15ee6f25d...50.exe

windows10-2004-x64

Sharing

General

Target

a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450
Size

790KB
Sample

221205-z2a4bsbc6v
MD5

938f5ee5e3777f00da37c7469b97a9e7
SHA1

1cb9c94fd022a32ccfb5ae57b78f6d26ec6db754
SHA256

a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450
SHA512

ecdcdcd1606c64e45ab5501b5c17741343beae6d239bdb08761e3a8950edd3dfd59b955e3d7be7295c309796a6eaf6d54ed5c0bd91cce7511eebc4bb0d2163cd
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZv:iM5j8Z3aKHx5r+TuxX+IwffFZv

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450.exe

Resource

win7-20220812-en

gh0strat persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450.exe

Resource

win10v2004-20220901-en

gh0strat persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450
- Size
  
  790KB
- MD5
  
  938f5ee5e3777f00da37c7469b97a9e7
- SHA1
  
  1cb9c94fd022a32ccfb5ae57b78f6d26ec6db754
- SHA256
  
  a15ee6f25dee4059a845c4310e61c34d2ac0722d1ed7a2653be92d9d0beb9450
- SHA512
  
  ecdcdcd1606c64e45ab5501b5c17741343beae6d239bdb08761e3a8950edd3dfd59b955e3d7be7295c309796a6eaf6d54ed5c0bd91cce7511eebc4bb0d2163cd
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZv:iM5j8Z3aKHx5r+TuxX+IwffFZv
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy