gh0strat | 3a5d187a32e724419e9f09e614e24d2d16a68bfe30dff50c377a1e9286d219a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

1032a3ed09...64.exe

windows7-x64

1032a3ed09...64.exe

windows10-2004-x64

Sharing

General

Target

1032a3ed090f9abba2c1cba5f8412764
Size

143KB
Sample

231230-gce2wahdc7
MD5

1032a3ed090f9abba2c1cba5f8412764
SHA1

fb287a0a8a222221a9042f0b8ae52174b09ebb71
SHA256

3a5d187a32e724419e9f09e614e24d2d16a68bfe30dff50c377a1e9286d219a9
SHA512

652a75b4eae898980a643e09989869e5b3552f326df3582966f057dd1d9856915a198bcaac458b1f7766520eb2698f040964dc10478a5a65195b157cf0f70b15
SSDEEP

3072:C69iSZOmD27rRavfCCY8feFgtV4dfFO5pctyhUeqovd3B3E:C/Sc1oykcFu3hUeqoJB0

Score

10^/10

gh0strat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1032a3ed090f9abba2c1cba5f8412764.exe

Resource

win7-20231215-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1032a3ed090f9abba2c1cba5f8412764.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  1032a3ed090f9abba2c1cba5f8412764
- Size
  
  143KB
- MD5
  
  1032a3ed090f9abba2c1cba5f8412764
- SHA1
  
  fb287a0a8a222221a9042f0b8ae52174b09ebb71
- SHA256
  
  3a5d187a32e724419e9f09e614e24d2d16a68bfe30dff50c377a1e9286d219a9
- SHA512
  
  652a75b4eae898980a643e09989869e5b3552f326df3582966f057dd1d9856915a198bcaac458b1f7766520eb2698f040964dc10478a5a65195b157cf0f70b15
- SSDEEP
  
  3072:C69iSZOmD27rRavfCCY8feFgtV4dfFO5pctyhUeqovd3B3E:C/Sc1oykcFu3hUeqoJB0
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy