gh0strat | dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49 | Triage

Sharing

General

Target

dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49
Size

48KB
Sample

230930-nxqsfabb5z
MD5

ea6540fe95c3494c07235e2e9ca17a0e
SHA1

4bb6030b37dba86d962c3c2ca52acd9f42ea1a6a
SHA256

dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49
SHA512

9534a4959d9b7ffaf7a09f8c8417b6f1660d451d3b3bc65159d778fb152542f02804f506e9d9389798cf17a7fc69519422d85dbc9761a4c252cb03294bf40f1d
SSDEEP

384:1PzIYf7VZ3CegxnBDPu1Cnpnbau+1AMKimDJ19y1Z0Pedf82t0iwd5ASc:BzBf7VZ3CXvDPuIpOu+SMoseOk2aiI2

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49
- Size
  
  48KB
- MD5
  
  ea6540fe95c3494c07235e2e9ca17a0e
- SHA1
  
  4bb6030b37dba86d962c3c2ca52acd9f42ea1a6a
- SHA256
  
  dec33fdcb95c2d9f8f99cb6793f90121cdc40ed8bb86c110e8c7a2f0983c3f49
- SHA512
  
  9534a4959d9b7ffaf7a09f8c8417b6f1660d451d3b3bc65159d778fb152542f02804f506e9d9389798cf17a7fc69519422d85dbc9761a4c252cb03294bf40f1d
- SSDEEP
  
  384:1PzIYf7VZ3CegxnBDPu1Cnpnbau+1AMKimDJ19y1Z0Pedf82t0iwd5ASc:BzBf7VZ3CXvDPuIpOu+SMoseOk2aiI2
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat