gh0strat | 6af6e64202cb3703d3b054d33d7cea6514bd583a07b81148dddc82194df830e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.3b443...00.exe

windows7-x64

NEAS.3b443...00.exe

windows10-2004-x64

Sharing

General

Target

NEAS.3b4435c492862dbcbe76824854c02600.exe
Size

135KB
Sample

231014-wfhz9sbc55
MD5

3b4435c492862dbcbe76824854c02600
SHA1

9582f5a6baa9a20a67d8aef685f5845715794d73
SHA256

6af6e64202cb3703d3b054d33d7cea6514bd583a07b81148dddc82194df830e8
SHA512

d016e4dc26a3593aba3ab036ded8f70e4a3ded1af7ab965d2d03d4df98ad8b7083dd56e5f66148f1ba233f292f20f9693138e522ece2d0ee3d4aaa39eac2bb73
SSDEEP

3072:e02gsmbHGhqCkQINRiUsIPZLJh90vbXDztaZ14a8l:87m6hqCfysKEz8Z1Fg

Score

10^/10

gh0strat rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.3b4435c492862dbcbe76824854c02600.exe

Resource

win7-20230831-en

gh0strat rat upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.3b4435c492862dbcbe76824854c02600.exe

Resource

win10v2004-20230915-en

gh0strat rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.3b4435c492862dbcbe76824854c02600.exe
- Size
  
  135KB
- MD5
  
  3b4435c492862dbcbe76824854c02600
- SHA1
  
  9582f5a6baa9a20a67d8aef685f5845715794d73
- SHA256
  
  6af6e64202cb3703d3b054d33d7cea6514bd583a07b81148dddc82194df830e8
- SHA512
  
  d016e4dc26a3593aba3ab036ded8f70e4a3ded1af7ab965d2d03d4df98ad8b7083dd56e5f66148f1ba233f292f20f9693138e522ece2d0ee3d4aaa39eac2bb73
- SSDEEP
  
  3072:e02gsmbHGhqCkQINRiUsIPZLJh90vbXDztaZ14a8l:87m6hqCfysKEz8Z1Fg
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy