gh0strat | c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941 | Triage

Submit
Reports

Overview

overview

Static

static

c48e56a716...41.dll

windows7-x64

c48e56a716...41.dll

windows10-2004-x64

Sharing

General

Target

c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941
Size

152KB
Sample

221206-zlscnseh4z
MD5

2302184a62b925d15b0209962f894c74
SHA1

1d2194654c6b68eca25b3cd09e973f0634d17d48
SHA256

c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941
SHA512

c6fa8f30d6c5e56a0f921445feb840a68275d39f5b4d473fd0ac330fc755f012e19bc6855cb69ddce18df0b9fc1c48f1311804030324ac597df04a9a0e69924c
SSDEEP

3072:7BWHWVKhqvEzO/V1VrNYQkCA+HFSWvF3TBftonob2a:1WHA9DNYtEHhvF3TBlonob5

Score

10^/10

gh0strat rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941.dll

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941
- Size
  
  152KB
- MD5
  
  2302184a62b925d15b0209962f894c74
- SHA1
  
  1d2194654c6b68eca25b3cd09e973f0634d17d48
- SHA256
  
  c48e56a716cbc7178a29ab95120e7f26ee27ee71d8271c878776043a803c5941
- SHA512
  
  c6fa8f30d6c5e56a0f921445feb840a68275d39f5b4d473fd0ac330fc755f012e19bc6855cb69ddce18df0b9fc1c48f1311804030324ac597df04a9a0e69924c
- SSDEEP
  
  3072:7BWHWVKhqvEzO/V1VrNYQkCA+HFSWvF3TBftonob2a:1WHA9DNYtEHhvF3TBlonob5
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy