gh0strat | 44f4a8662e7a4ffdd3781264d89f7efdb8c7009378c874c4e854a6be0fd4c734 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23d503c307787309bdc8a20b67f13f04
Size

206KB
Sample

231225-rbcv8seehk
MD5

23d503c307787309bdc8a20b67f13f04
SHA1

49ac87768a1cfba4f5c5fcbb536bc477a6c1c47b
SHA256

44f4a8662e7a4ffdd3781264d89f7efdb8c7009378c874c4e854a6be0fd4c734
SHA512

3e7515c48c2b349a31b18a1e6912643a543cbc6bf35eac222791b26ddbb7089e461aca5b01e2fa0d9b0e85ef4e8f1a5e5e034139f1b06a088c5fe0b3c8f151ba
SSDEEP

6144:52Rnh5Es0m2EI7RNYQRWSXoD000W000W000m:5eh5Es0YIdNP3k

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  23d503c307787309bdc8a20b67f13f04
- Size
  
  206KB
- MD5
  
  23d503c307787309bdc8a20b67f13f04
- SHA1
  
  49ac87768a1cfba4f5c5fcbb536bc477a6c1c47b
- SHA256
  
  44f4a8662e7a4ffdd3781264d89f7efdb8c7009378c874c4e854a6be0fd4c734
- SHA512
  
  3e7515c48c2b349a31b18a1e6912643a543cbc6bf35eac222791b26ddbb7089e461aca5b01e2fa0d9b0e85ef4e8f1a5e5e034139f1b06a088c5fe0b3c8f151ba
- SSDEEP
  
  6144:52Rnh5Es0m2EI7RNYQRWSXoD000W000W000m:5eh5Es0YIdNP3k
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat