gh0strat | f85f55b11d4a57b986e488c7392d0a2b1a6c02b822372254f0e4814e5e2f0ae0 | Triage

Sharing

General

Target

f85f55b11d4a57b986e488c7392d0a2b1a6c02b822372254f0e4814e5e2f0ae0
Size

40KB
Sample

231012-jrmrdafc6x
MD5

1262c317a4bd23f059b6007571ce70a6
SHA1

fe8802282a9e66cac4cba6af2c91e759b45aad14
SHA256

f85f55b11d4a57b986e488c7392d0a2b1a6c02b822372254f0e4814e5e2f0ae0
SHA512

68fc22ec17cd92f0bb2ded885c9e58ded87a0166244e1341e1890ce83c4be239de8e1f1d88a79362961f727749937eb8c9447743695dfa1f787890021275217c
SSDEEP

384:Iq/btbJG9YmWHcdaILhRleEZn8Xy12qrzRDtadcvWd:IkttGXRs0jlew8U2qyJd

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  f85f55b11d4a57b986e488c7392d0a2b1a6c02b822372254f0e4814e5e2f0ae0
- Size
  
  40KB
- MD5
  
  1262c317a4bd23f059b6007571ce70a6
- SHA1
  
  fe8802282a9e66cac4cba6af2c91e759b45aad14
- SHA256
  
  f85f55b11d4a57b986e488c7392d0a2b1a6c02b822372254f0e4814e5e2f0ae0
- SHA512
  
  68fc22ec17cd92f0bb2ded885c9e58ded87a0166244e1341e1890ce83c4be239de8e1f1d88a79362961f727749937eb8c9447743695dfa1f787890021275217c
- SSDEEP
  
  384:Iq/btbJG9YmWHcdaILhRleEZn8Xy12qrzRDtadcvWd:IkttGXRs0jlew8U2qyJd
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat