gh0strat | 5be1288b17f208477e60a1a398e42fb718f1767e7f79e2979996c79192e5e775 | Triage

Submit
Reports

Overview

overview

Static

static

3

WPS-0A6AB1...om.exe

windows7-x64

WPS-0A6AB1...om.exe

windows10-1703-x64

WPS-0A6AB1...om.exe

windows10-2004-x64

Sharing

General

Target

WPS-0A6AB1D6FA31sshortcuts-custom.exe
Size

67.7MB
Sample

230827-tn3njabd53
MD5

c01e7f9022cd6d91aa06881229383f31
SHA1

631b5ba15d4fe42b812436b8f12ee33018219d34
SHA256

5be1288b17f208477e60a1a398e42fb718f1767e7f79e2979996c79192e5e775
SHA512

21a3933e1776676960557cb092cc3bf8bd1037287053767a18b47f04580308a46355f199c1fe97c8b8a813491d58f769040c96d97a2b7a9c6dca397cf91ef45f
SSDEEP

1572864:83Mo59ulmbjAa91+FggUhx2HI+8h1QYkXmj6hbBeCVCqU:83/0QAau1qw88XmOBeuxU

Score

10^/10

gh0strat aspackv2 evasion persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WPS-0A6AB1D6FA31sshortcuts-custom.exe

Resource

win7-20230712-en

gh0strat aspackv2 evasion persistence rat trojan upx

windows7-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

WPS-0A6AB1D6FA31sshortcuts-custom.exe

Resource

win10-20230703-en

gh0strat aspackv2 evasion persistence rat trojan upx

windows10-1703-x64

19 signatures

300 seconds

Behavioral task

behavioral3

Sample

WPS-0A6AB1D6FA31sshortcuts-custom.exe

Resource

win10v2004-20230703-en

gh0strat aspackv2 evasion persistence rat trojan upx

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  WPS-0A6AB1D6FA31sshortcuts-custom.exe
- Size
  
  67.7MB
- MD5
  
  c01e7f9022cd6d91aa06881229383f31
- SHA1
  
  631b5ba15d4fe42b812436b8f12ee33018219d34
- SHA256
  
  5be1288b17f208477e60a1a398e42fb718f1767e7f79e2979996c79192e5e775
- SHA512
  
  21a3933e1776676960557cb092cc3bf8bd1037287053767a18b47f04580308a46355f199c1fe97c8b8a813491d58f769040c96d97a2b7a9c6dca397cf91ef45f
- SSDEEP
  
  1572864:83Mo59ulmbjAa91+FggUhx2HI+8h1QYkXmj6hbBeCVCqU:83/0QAau1qw88XmOBeuxU
Score

10^/10

gh0strat aspackv2 evasion persistence rat trojan upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0strataspackv2evasionpersistencerattrojanupx

behavioral2

gh0strataspackv2evasionpersistencerattrojanupx

behavioral3

gh0strataspackv2evasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy