gh0strat | 52091de74be387b3409cb595306fef4ef8129c0cd4e4867659140218495c7aa4 | Triage

Submit
Reports

Overview

overview

Static

static

7

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

161KB
Sample

230325-rgmbvsfb41
MD5

f35b17916d8f7aaffa2e4c2db4597015
SHA1

2e4fbfa5bcd58c62be0df7cbea92b65264993743
SHA256

52091de74be387b3409cb595306fef4ef8129c0cd4e4867659140218495c7aa4
SHA512

f48ef1aa21805e8bca91b6ee87f338c8388d2c8dff6422955704a9c352877f8ad665c139fc3febd6f8c2d64a44ce9d6153e35c8d46b59b4a505ac381b3ad1a5e
SSDEEP

3072:6yIpG2/iDbYeZqFU+D+mlVP93L22cYl71tmAY1n68g1UphQi5UJs:rIposeKUoP93LeI71smuhQXJs

Score

10^/10

gh0strat persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

gh0strat rat upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

gh0strat persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

154.9.24.101

Targets

- Target
  
  tmp
- Size
  
  161KB
- MD5
  
  f35b17916d8f7aaffa2e4c2db4597015
- SHA1
  
  2e4fbfa5bcd58c62be0df7cbea92b65264993743
- SHA256
  
  52091de74be387b3409cb595306fef4ef8129c0cd4e4867659140218495c7aa4
- SHA512
  
  f48ef1aa21805e8bca91b6ee87f338c8388d2c8dff6422955704a9c352877f8ad665c139fc3febd6f8c2d64a44ce9d6153e35c8d46b59b4a505ac381b3ad1a5e
- SSDEEP
  
  3072:6yIpG2/iDbYeZqFU+D+mlVP93L22cYl71tmAY1n68g1UphQi5UJs:rIposeKUoP93LeI71smuhQXJs
Score

10^/10

gh0strat rat upx persistence
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpersistenceratupx

© 2018-2024

Terms | Privacy