gh0strat | 4b74fbd877b7e3e1e325df75ddd3cfece7404a4104a646a65a1a4b7614f9478c | Triage

Submit
Reports

Overview

overview

Static

static

3ff09c343d...8a.exe

windows7-x64

3ff09c343d...8a.exe

windows10-2004-x64

Sharing

General

Target

3ff09c343d8a50e9c9bb1332bf21998a.exe
Size

124KB
Sample

230324-fx5btscd49
MD5

3ff09c343d8a50e9c9bb1332bf21998a
SHA1

1406b01f0d4a258ff883978104903cbc4941cfe8
SHA256

4b74fbd877b7e3e1e325df75ddd3cfece7404a4104a646a65a1a4b7614f9478c
SHA512

79200774264254c770cf7b4f8878d558abb6d0dcb31a39b9cfe29620e04afb055f91f6d7c9dbd7df3affa8352794d22f6780046fb2522d0b6f95e3947bb8b28e
SSDEEP

3072:PZ8FyFwFD6HDIgRAD+rG8RsaESUjx/kKYjzt:PZ8IFjHm4G0JGjxstjZ

Score

10^/10

gh0strat persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3ff09c343d8a50e9c9bb1332bf21998a.exe

Resource

win7-20230220-en

gh0strat persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ff09c343d8a50e9c9bb1332bf21998a.exe

Resource

win10v2004-20230221-en

gh0strat persistence rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ff09c343d8a50e9c9bb1332bf21998a.exe
- Size
  
  124KB
- MD5
  
  3ff09c343d8a50e9c9bb1332bf21998a
- SHA1
  
  1406b01f0d4a258ff883978104903cbc4941cfe8
- SHA256
  
  4b74fbd877b7e3e1e325df75ddd3cfece7404a4104a646a65a1a4b7614f9478c
- SHA512
  
  79200774264254c770cf7b4f8878d558abb6d0dcb31a39b9cfe29620e04afb055f91f6d7c9dbd7df3affa8352794d22f6780046fb2522d0b6f95e3947bb8b28e
- SSDEEP
  
  3072:PZ8FyFwFD6HDIgRAD+rG8RsaESUjx/kKYjzt:PZ8IFjHm4G0JGjxstjZ
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2024

Terms | Privacy