gh0strat | 17eb7cf69711747cc912e9685f6c1e79846f030bd5fb4e854b6e3e9e715ab0de | Triage

Submit
Reports

Overview

overview

Static

static

1

test.exe

windows7-x64

test.exe

windows10-2004-x64

Sharing

General

Target

test.exe
Size

36KB
Sample

230329-hhk1ragg5s
MD5

df8410184a39df8fe0bb38682632a28e
SHA1

566daf16f0ae29f27458e627232549f2d3b8e11d
SHA256

17eb7cf69711747cc912e9685f6c1e79846f030bd5fb4e854b6e3e9e715ab0de
SHA512

75c6a1187ac692d00331bf1205cdca31e0e06a7e5d50deea48967c7540de99bc5843d230fca485c37ce6c10e552a6625238a6f1bd8b5d153fd3850f329633774
SSDEEP

192:Y/l8yP7/73boE8jPJNJN1Rd/GO8LdubfXbLphoynfgH9teiDlFQ93M3pkR:8TLcPHJBIOvfZhWdteiD7QSc

Score

10^/10

gh0strat rat upx

Static task

static1

Behavioral task

behavioral1

Sample

test.exe

Resource

win7-20230220-en

gh0strat rat upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

test.exe

Resource

win10v2004-20230220-en

gh0strat rat upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  test.exe
- Size
  
  36KB
- MD5
  
  df8410184a39df8fe0bb38682632a28e
- SHA1
  
  566daf16f0ae29f27458e627232549f2d3b8e11d
- SHA256
  
  17eb7cf69711747cc912e9685f6c1e79846f030bd5fb4e854b6e3e9e715ab0de
- SHA512
  
  75c6a1187ac692d00331bf1205cdca31e0e06a7e5d50deea48967c7540de99bc5843d230fca485c37ce6c10e552a6625238a6f1bd8b5d153fd3850f329633774
- SSDEEP
  
  192:Y/l8yP7/73boE8jPJNJN1Rd/GO8LdubfXbLphoynfgH9teiDlFQ93M3pkR:8TLcPHJBIOvfZhWdteiD7QSc
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy