gh0strat | 78c306a02f8a7e8a0584243301d15aaa311194e8d5c90c33da39951e716e3d3a | Triage

Sharing

General

Target

23e43d7a5d3e5422e7369143f6b0c461
Size

916KB
Sample

231231-cjrl2aebh9
MD5

23e43d7a5d3e5422e7369143f6b0c461
SHA1

fab82ebd489b3b6e229f38252c248536f6116a68
SHA256

78c306a02f8a7e8a0584243301d15aaa311194e8d5c90c33da39951e716e3d3a
SHA512

a9a99b49d5a43a3817fefb59da91491eadaf3ec27c932458f5c5361590a40e21b18a4d5e926b56fc37aa4b27c1f5f01e83f3a8b0907c1001368f7be2803beca6
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZRJ:iM5j8Z3aKHx5r+TuxX+IwffFZRJ

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  23e43d7a5d3e5422e7369143f6b0c461
- Size
  
  916KB
- MD5
  
  23e43d7a5d3e5422e7369143f6b0c461
- SHA1
  
  fab82ebd489b3b6e229f38252c248536f6116a68
- SHA256
  
  78c306a02f8a7e8a0584243301d15aaa311194e8d5c90c33da39951e716e3d3a
- SHA512
  
  a9a99b49d5a43a3817fefb59da91491eadaf3ec27c932458f5c5361590a40e21b18a4d5e926b56fc37aa4b27c1f5f01e83f3a8b0907c1001368f7be2803beca6
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZRJ:iM5j8Z3aKHx5r+TuxX+IwffFZRJ
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat