gh0strat | 53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014 | Triage

Submit
Reports

Overview

overview

Static

static

7

53784fbf57...14.exe

windows7-x64

53784fbf57...14.exe

windows10-2004-x64

Resubmissions

10-06-2023 20:25

230610-y7qkjage31 10

Sharing

General

Target

53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
Size

1.3MB
Sample

230610-y7qkjage31
MD5

e0a29b218354601e47ff068d1f7a99a9
SHA1

c70c1e7644164f3bb6f9638699a99e4a4ea358ab
SHA256

53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
SHA512

e147c5f4a871ce3f5fb74d1157bf420beaba3780783386ef0a91679105df1a3b4828aab34b323c5164f02ff4d9e8842b468eb376c7a658c7df8e89b45b3f4c47
SSDEEP

24576:TX7Nm3s9nuWSfva9lhN+RTrLg43+jllcPJwv/DWo8SQiI0+2bX5lcNJpTUG6qoz:wc1uRfvan+7gY+jllfDWfSk6fc

Score

10^/10

gh0strat aspackv2 evasion rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014.exe

Resource

win7-20230220-en

gh0strat evasion rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014.exe

Resource

win10v2004-20230220-en

gh0strat evasion rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

125.77.168.94

Targets

- Target
  
  53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
- Size
  
  1.3MB
- MD5
  
  e0a29b218354601e47ff068d1f7a99a9
- SHA1
  
  c70c1e7644164f3bb6f9638699a99e4a4ea358ab
- SHA256
  
  53784fbf57107c4de16dbeaf066794ee3f834c6be6a574a5439d4a3adab9f014
- SHA512
  
  e147c5f4a871ce3f5fb74d1157bf420beaba3780783386ef0a91679105df1a3b4828aab34b323c5164f02ff4d9e8842b468eb376c7a658c7df8e89b45b3f4c47
- SSDEEP
  
  24576:TX7Nm3s9nuWSfva9lhN+RTrLg43+jllcPJwv/DWo8SQiI0+2bX5lcNJpTUG6qoz:wc1uRfvan+7gY+jllfDWfSk6fc
Score

10^/10

gh0strat evasion rat trojan
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gh0stratevasionrattrojan

behavioral2

gh0stratevasionrattrojan

© 2018-2024

Terms | Privacy