gh0strat | 04fa91caed041e182fc2781093b24b479172ea1af61f357fef168af63c611067 | Triage

Sharing

General

Target

04fa91caed041e182fc2781093b24b479172ea1af61f357fef168af63c611067
Size

1.0MB
Sample

231121-dpqscsce3x
MD5

3374fbe1f5275dbe9c4cc5c0d1f3d68a
SHA1

7b0dc5e6344ee69e65c2f2de081c6974f1b47108
SHA256

04fa91caed041e182fc2781093b24b479172ea1af61f357fef168af63c611067
SHA512

04b544faddea26106b37035b22d8783ce9e531e71defb007974d0e404a0318aa27aa28d495880bb83b4fa66763136a1ed4119ee8bdd1d2c777fc30252f8d7798
SSDEEP

24576:j5ivkcQJmbrZHv4H8dB6TPuyBez8O89E8ZHLC:jQOuVHv4H8dB6TPzBuo9E+W

Score

10^/10

gh0strat rat

Malware Config

Extracted

Family

gh0strat

C2

202.146.218.9

Targets

- Target
  
  04fa91caed041e182fc2781093b24b479172ea1af61f357fef168af63c611067
- Size
  
  1.0MB
- MD5
  
  3374fbe1f5275dbe9c4cc5c0d1f3d68a
- SHA1
  
  7b0dc5e6344ee69e65c2f2de081c6974f1b47108
- SHA256
  
  04fa91caed041e182fc2781093b24b479172ea1af61f357fef168af63c611067
- SHA512
  
  04b544faddea26106b37035b22d8783ce9e531e71defb007974d0e404a0318aa27aa28d495880bb83b4fa66763136a1ed4119ee8bdd1d2c777fc30252f8d7798
- SSDEEP
  
  24576:j5ivkcQJmbrZHv4H8dB6TPuyBez8O89E8ZHLC:jQOuVHv4H8dB6TPzBuo9E+W
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2