gh0strat | 1bc3ccfedd7ea50fe761a3aa4d1c5319082125de773054f08049d5a50d6962fa | Triage

Submit
Reports

Overview

overview

Static

static

1

097b0639ea...fc.exe

windows7-x64

7

097b0639ea...fc.exe

windows10-2004-x64

Sharing

General

Target

097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc.zip
Size

344KB
Sample

230321-rys6qsbb75
MD5

1d3360a26d407c051f5355dd1f18c56c
SHA1

e08e208549786f1ac0b37226b646553a08fac1fd
SHA256

1bc3ccfedd7ea50fe761a3aa4d1c5319082125de773054f08049d5a50d6962fa
SHA512

72ff0e77d91dc294fed1ea627908a371da73d06846fc3117d4d5c2903b2348fdebd370af539cf042fb4af461788beaa2dcf9257b9aca7ef28b764b042ffaeef4
SSDEEP

6144:RsQtkewC3Jh6WZDVVX93007mH7n0S6Hg2Bf8jsRbca47glZy5BCUMka:R/tvwYJXZxmHb6ASf4sbCDMka

Score

10^/10

gh0strat rat upx

Static task

static1

Behavioral task

behavioral1

Sample

097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc.exe

Resource

win7-20230220-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc.exe

Resource

win10v2004-20230220-en

gh0strat rat upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc.exe
- Size
  
  508KB
- MD5
  
  e2b41d74c9b417aacaf1cf0e5b0df5db
- SHA1
  
  31c5039f7a2534f8a8b0915b62f3a6f744c1f0b0
- SHA256
  
  097b0639eac5dce89da4f863e328cb7cdb59dddb97874056d5745baa6aa549fc
- SHA512
  
  0c24501b697a2b073a66a2879cc80c46a953b7d84511126d481724afe07ff063f91cbecd73ff5502c66b09f72e10a926bd72b627d8b8a9d7465a7c887fbb671a
- SSDEEP
  
  12288:hh9rd3EzdxmW/MW9W2tBKDeUlQBPoriT:z+xBLIHtQGiT
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy