gh0strat | a896be695060cae32a70973ebba049139b27ae837e870e5faf728392b32854dd | Triage

Submit
Reports

Overview

overview

Static

static

7

New_4.8.10.exe

windows7-x64

New_4.8.10.exe

windows10-1703-x64

New_4.8.10.exe

windows10-2004-x64

Sharing

General

Target

New_4.8.10.exe
Size

124.3MB
Sample

230823-rs8n8scf67
MD5

f89701701ace82ef08972d55b68e232f
SHA1

084888e907329c480518220990fc4a8dcd108463
SHA256

a896be695060cae32a70973ebba049139b27ae837e870e5faf728392b32854dd
SHA512

f5f9e7b1f6ae0e5983a58c91be5558feb10bb07ffa10a289580759cc1abba8c829d7f9752873c62fbb0f552119e5fc9ebe3a02cdb649919d1743ee933bc49bf1
SSDEEP

3145728:dRrHJ5u0UJ140kRRGtBOPMx332CVB4JeMz9MrI/:dRrHb/UJSrR8hbxPrI/

Score

10^/10

gh0strat rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

New_4.8.10.exe

Resource

win7-20230712-en

gh0strat rat upx

windows7-x64

19 signatures

300 seconds

Behavioral task

behavioral2

Sample

New_4.8.10.exe

Resource

win10-20230703-en

gh0strat rat upx

windows10-1703-x64

19 signatures

300 seconds

Behavioral task

behavioral3

Sample

New_4.8.10.exe

Resource

win10v2004-20230703-en

gh0strat rat upx

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

gh0strat

C2

zhodaji.com

Targets

- Target
  
  New_4.8.10.exe
- Size
  
  124.3MB
- MD5
  
  f89701701ace82ef08972d55b68e232f
- SHA1
  
  084888e907329c480518220990fc4a8dcd108463
- SHA256
  
  a896be695060cae32a70973ebba049139b27ae837e870e5faf728392b32854dd
- SHA512
  
  f5f9e7b1f6ae0e5983a58c91be5558feb10bb07ffa10a289580759cc1abba8c829d7f9752873c62fbb0f552119e5fc9ebe3a02cdb649919d1743ee933bc49bf1
- SSDEEP
  
  3145728:dRrHJ5u0UJ140kRRGtBOPMx332CVB4JeMz9MrI/:dRrHb/UJSrR8hbxPrI/
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy