gh0strat | 613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

613cd3ad0f...25.exe

windows7-x64

613cd3ad0f...25.exe

windows10-2004-x64

Sharing

General

Target

613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025
Size

919KB
Sample

221205-z2cl6abc6w
MD5

1ce18d93bddd3b07001129742055f73f
SHA1

36113a76b9ed96ce38656a6b2e2142d45ea7147d
SHA256

613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025
SHA512

36920b77cf4017d1df2a7aefa7d552dce3bb6204c6979aa5c5a16916321ba1d3bc1dde7d4cbab33231c64fa612d5a47595e84b9922d6caacddc21312980ff3e9
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZ1vgSn:iM5j8Z3aKHx5r+TuxX+IwffFZ1vgSn

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025.exe

Resource

win7-20221111-en

gh0strat persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025.exe

Resource

win10v2004-20220901-en

gh0strat persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025
- Size
  
  919KB
- MD5
  
  1ce18d93bddd3b07001129742055f73f
- SHA1
  
  36113a76b9ed96ce38656a6b2e2142d45ea7147d
- SHA256
  
  613cd3ad0f822e5b5c2c5091f91b37ba13d2da5bd98d2e9f11991d394733a025
- SHA512
  
  36920b77cf4017d1df2a7aefa7d552dce3bb6204c6979aa5c5a16916321ba1d3bc1dde7d4cbab33231c64fa612d5a47595e84b9922d6caacddc21312980ff3e9
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZ1vgSn:iM5j8Z3aKHx5r+TuxX+IwffFZ1vgSn
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy