gh0strat | 03e2c418cb3172abe01433d974f3204dda1f54377b0c54a30ca96f82c2d6309a | Triage

Submit
Reports

Overview

overview

Static

static

1

56693b2363...af.exe

windows7-x64

56693b2363...af.exe

windows10-2004-x64

Sharing

General

Target

56693b2363024dd47e0f13d4f93ddebc0bbf65b896eb22636641d03aad7bf8af.zip
Size

74KB
Sample

230321-ryt32abb78
MD5

abeebb2b9d9237bb68317ca5ea6bda50
SHA1

47984e7eb6434f14f88c1b7b44faf81df3d3c9ed
SHA256

03e2c418cb3172abe01433d974f3204dda1f54377b0c54a30ca96f82c2d6309a
SHA512

1500cbda96127d995a311ec99eaf961e30b294d9c0d31f9e7cb83ae439c0eb8f82982debb6de2a531ab3a5b96bc2d7c898a5bada4a9112356f37f46883961bd3
SSDEEP

1536:91pUNKWkN/+isVVWD+pnv0erO1Fkjg4WciEhnVZxBSnaZUD0skbg:91KoV8XWDpjgBWvUQn/b

Score

10^/10

gh0strat persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

56693b2363024dd47e0f13d4f93ddebc0bbf65b896eb22636641d03aad7bf8af.exe

Resource

win7-20230220-en

gh0strat persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

56693b2363024dd47e0f13d4f93ddebc0bbf65b896eb22636641d03aad7bf8af.exe

Resource

win10v2004-20230220-en

gh0strat persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  56693b2363024dd47e0f13d4f93ddebc0bbf65b896eb22636641d03aad7bf8af.exe
- Size
  
  80KB
- MD5
  
  393f2fb9401919be93d8c80478326cfc
- SHA1
  
  d2e5c2d5b3fceb69a0a49603ebc6239a003a934a
- SHA256
  
  56693b2363024dd47e0f13d4f93ddebc0bbf65b896eb22636641d03aad7bf8af
- SHA512
  
  4daf67557badb91007f64f49c7f3b13230234f8f2717fd20e476661dfa2db448f06d57927c8e881efb6afe96823b25784370f926363cefabcc85bf5c57a6483b
- SSDEEP
  
  1536:kFz0LnC0atiq+9Cc73McaTBFb0bJ+oa/xrpnHTlyojsjxNe22JjIHMl:kFz90hq+Yc7Hf4oa5r5sojsj+oMl
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2024

Terms | Privacy