gh0strat | d798b83aaafcfcbcd02aeb4de16056c8145e605ea4f4c7b5b48c8197ed9abae6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d798b83aaafcfcbcd02aeb4de16056c8145e605ea4f4c7b5b48c8197ed9abae6
Size

128KB
Sample

230828-vpl8lsdc68
MD5

bf0211b163b1af5fcc250d4888469ff3
SHA1

f52c3e42de53cd27c0194b7ebd14de58414ed963
SHA256

d798b83aaafcfcbcd02aeb4de16056c8145e605ea4f4c7b5b48c8197ed9abae6
SHA512

fa12dfb9e26919a12c04b7243650a7fa387c626cfc9ee1c996f7ad09ec6f603c1b7e02a36c18cded60c378fddf0bed25f1c027ca452eea9777c249e77ed9cd00
SSDEEP

384:oRJIWxCFhLHm61vHD46Pi85P8fTmZoailZcdde0rMgQAsssssssssssssssssssv:oRJIWShC8P8M5nHOWj5ANOW

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  d798b83aaafcfcbcd02aeb4de16056c8145e605ea4f4c7b5b48c8197ed9abae6
- Size
  
  128KB
- MD5
  
  bf0211b163b1af5fcc250d4888469ff3
- SHA1
  
  f52c3e42de53cd27c0194b7ebd14de58414ed963
- SHA256
  
  d798b83aaafcfcbcd02aeb4de16056c8145e605ea4f4c7b5b48c8197ed9abae6
- SHA512
  
  fa12dfb9e26919a12c04b7243650a7fa387c626cfc9ee1c996f7ad09ec6f603c1b7e02a36c18cded60c378fddf0bed25f1c027ca452eea9777c249e77ed9cd00
- SSDEEP
  
  384:oRJIWxCFhLHm61vHD46Pi85P8fTmZoailZcdde0rMgQAsssssssssssssssssssv:oRJIWShC8P8M5nHOWj5ANOW
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat