gh0strat | 69f8c0ce446c16ea7a4d153f806f6147ee31ef20236cc5144e2c89176cd5e467 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5b9227770c943413405ea54c16954940.exe
Size

304KB
Sample

231021-z7b8ksde3w
MD5

5b9227770c943413405ea54c16954940
SHA1

84e2661f4e4c94ddcef6f67325c9bfd3722946e9
SHA256

69f8c0ce446c16ea7a4d153f806f6147ee31ef20236cc5144e2c89176cd5e467
SHA512

3bd753e10b9f536246836f0b275f01228bfa58669e3b8497dd29937798e2b485637244dcd575f028fc88a6ced2c8e731edf0de1dbd5e0bd9c716c044e57724ab
SSDEEP

6144:eiTtiWB0sL7tSJ5pp34O5/4G7v4G7AWFN:FXB0sdSrpNtzJAy

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  NEAS.5b9227770c943413405ea54c16954940.exe
- Size
  
  304KB
- MD5
  
  5b9227770c943413405ea54c16954940
- SHA1
  
  84e2661f4e4c94ddcef6f67325c9bfd3722946e9
- SHA256
  
  69f8c0ce446c16ea7a4d153f806f6147ee31ef20236cc5144e2c89176cd5e467
- SHA512
  
  3bd753e10b9f536246836f0b275f01228bfa58669e3b8497dd29937798e2b485637244dcd575f028fc88a6ced2c8e731edf0de1dbd5e0bd9c716c044e57724ab
- SSDEEP
  
  6144:eiTtiWB0sL7tSJ5pp34O5/4G7v4G7AWFN:FXB0sdSrpNtzJAy
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2