gh0strat | 11e77149273cd76c7184bb3e71495fa96c500b3464c6db24d73a40396f591b00 | Triage

Sharing

General

Target

tmp
Size

36KB
Sample

231011-nye3bsda4y
MD5

3081a5b7b69d3d3eeecad83c820b042c
SHA1

23fac35ccffcd5e03ae90c2d0ce06cfbba06b7a4
SHA256

11e77149273cd76c7184bb3e71495fa96c500b3464c6db24d73a40396f591b00
SHA512

cf0a157342fc4656be2713540cba701656821c122cf053de882d4ea28872b54a09be0fdb645d219296ee4981197f22628a436437e8caac8496c0898f0345e506
SSDEEP

384:JCvgBCtCpvI736A3N1CUBTgPMEaI5j/QxRKBkG:UvgYt6vI736c3TgUEZ5j/QxRKBkG

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  tmp
- Size
  
  36KB
- MD5
  
  3081a5b7b69d3d3eeecad83c820b042c
- SHA1
  
  23fac35ccffcd5e03ae90c2d0ce06cfbba06b7a4
- SHA256
  
  11e77149273cd76c7184bb3e71495fa96c500b3464c6db24d73a40396f591b00
- SHA512
  
  cf0a157342fc4656be2713540cba701656821c122cf053de882d4ea28872b54a09be0fdb645d219296ee4981197f22628a436437e8caac8496c0898f0345e506
- SSDEEP
  
  384:JCvgBCtCpvI736A3N1CUBTgPMEaI5j/QxRKBkG:UvgYt6vI736c3TgUEZ5j/QxRKBkG
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat