gh0strat | a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10-2004-x64

Sharing

General

Target

a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c
Size

888KB
Sample

230323-b23atacg38
MD5

7e8a01910e1d17303bfb0c44a1c4a842
SHA1

b2df44bc4b608b56305d392a513ae04d4e6112f9
SHA256

a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c
SHA512

d07dbbc37df6b7ab0c313697fd928ff93385d3958a98a7caf7e3a30a9d31a840ca96f992921962292a0e69b4eaf760c5b206c4049c1dc73fa6d259ecfbc60978
SSDEEP

12288:2w5dSrZDAwfyUZd9xZ9EX+XBqbJTXv4w8Zg+3Mlazd+CXQqHA:2w5GDASyUZd9xZS1XvFw8CXH

Score

10^/10

gh0strat rat vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c.exe

Resource

win10v2004-20230221-en

gh0strat rat vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

30.cmananan.com

Targets

- Target
  
  a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c
- Size
  
  888KB
- MD5
  
  7e8a01910e1d17303bfb0c44a1c4a842
- SHA1
  
  b2df44bc4b608b56305d392a513ae04d4e6112f9
- SHA256
  
  a8b525c987b2d76a7423bfcfb330d4a427fa4364fc56f3d9f51c1e1a85e87e1c
- SHA512
  
  d07dbbc37df6b7ab0c313697fd928ff93385d3958a98a7caf7e3a30a9d31a840ca96f992921962292a0e69b4eaf760c5b206c4049c1dc73fa6d259ecfbc60978
- SSDEEP
  
  12288:2w5dSrZDAwfyUZd9xZ9EX+XBqbJTXv4w8Zg+3Mlazd+CXQqHA:2w5GDASyUZd9xZS1XvFw8CXH
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratratvmprotect

© 2018-2024

Terms | Privacy