gh0strat | aba02983e515624eb5d2294566708bd69b7e792d39b58eeeb543a88960543aa4 | Triage

Submit
Reports

Overview

overview

Static

static

8

8fc836ff05...60.exe

windows7-x64

8fc836ff05...60.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8fc836ff05640803eeb1bdbf5b9ca360.exe
Size

760KB
Sample

230130-p1ed9aad43
MD5

8fc836ff05640803eeb1bdbf5b9ca360
SHA1

42e95eb613c19fd4309f4e68954e999ea2b3db63
SHA256

aba02983e515624eb5d2294566708bd69b7e792d39b58eeeb543a88960543aa4
SHA512

32125f16ba6273cb362c893c656f9fb04c06a5a96ac9493f33f03f24a11d7866659e54a498ef420b2fc83b1110a5d2bfb2581f3657d4d299db0fff4346a0ebf7
SSDEEP

12288:8ZISRtYZouCPPkLn7RSotjckeayscz1wQudN/NjcqrQOQrvnBlHSt9J8E54C/v3h:FSD8o1k5So5eays8zudXg4zlaCXxvek

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fc836ff05640803eeb1bdbf5b9ca360.exe

Resource

win7-20221111-en

gh0strat rat vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fc836ff05640803eeb1bdbf5b9ca360.exe

Resource

win10v2004-20221111-en

gh0strat rat vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  8fc836ff05640803eeb1bdbf5b9ca360.exe
- Size
  
  760KB
- MD5
  
  8fc836ff05640803eeb1bdbf5b9ca360
- SHA1
  
  42e95eb613c19fd4309f4e68954e999ea2b3db63
- SHA256
  
  aba02983e515624eb5d2294566708bd69b7e792d39b58eeeb543a88960543aa4
- SHA512
  
  32125f16ba6273cb362c893c656f9fb04c06a5a96ac9493f33f03f24a11d7866659e54a498ef420b2fc83b1110a5d2bfb2581f3657d4d299db0fff4346a0ebf7
- SSDEEP
  
  12288:8ZISRtYZouCPPkLn7RSotjckeayscz1wQudN/NjcqrQOQrvnBlHSt9J8E54C/v3h:FSD8o1k5So5eays8zudXg4zlaCXxvek
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratratvmprotect

behavioral2

gh0stratratvmprotect

© 2018-2025

Terms | Privacy