gh0strat | 12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86 | Triage

Submit
Reports

Overview

overview

Static

static

12d4afc84a...86.exe

windows7-x64

12d4afc84a...86.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86
Size

64KB
Sample

230807-d3bwcsdc63
MD5

297271d34dfb4a09d7b6cc638f86b157
SHA1

b99ebace53f4573d676083c20664137209345bdd
SHA256

12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86
SHA512

61ab4be89dc6f832ad3b774082ae9a6e80ebc51d174c3108c599da942221de5f1dedcafac1f84295bfbd18400199f7db174281dc72bfee5028359e79516fdb4e
SSDEEP

768:Hf8t6upP3EucZiQ1eth0nljc7jngtgEisKMWr3Pz1UVg8HZH8l8KxgAwJa:O6wvOHNlgjng4s/EBI5S4AT

Score

10^/10

gh0strat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86.exe

Resource

win7-20230712-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86.exe

Resource

win10v2004-20230703-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86
- Size
  
  64KB
- MD5
  
  297271d34dfb4a09d7b6cc638f86b157
- SHA1
  
  b99ebace53f4573d676083c20664137209345bdd
- SHA256
  
  12d4afc84ad9cface8350f9db22b9b6284a4c13def3e5add2c5edee176446a86
- SHA512
  
  61ab4be89dc6f832ad3b774082ae9a6e80ebc51d174c3108c599da942221de5f1dedcafac1f84295bfbd18400199f7db174281dc72bfee5028359e79516fdb4e
- SSDEEP
  
  768:Hf8t6upP3EucZiQ1eth0nljc7jngtgEisKMWr3Pz1UVg8HZH8l8KxgAwJa:O6wvOHNlgjng4s/EBI5S4AT
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy