gh0strat | 14e9f6b17758c84db9a2cc42f99ee091de58922a796c343cff0f5ed3d3cd8835 | Triage

Submit
Reports

Overview

overview

Static

static

3

35212d6256...6b.exe

windows7-x64

35212d6256...6b.exe

windows10-2004-x64

7

Sharing

General

Target

35212d6256a04fc5e0ece3985f15396b.exe
Size

150KB
Sample

240102-sw97xagfgj
MD5

35212d6256a04fc5e0ece3985f15396b
SHA1

cec766f69d2bbfa0260c7ad3ddb2ac131f193e8e
SHA256

14e9f6b17758c84db9a2cc42f99ee091de58922a796c343cff0f5ed3d3cd8835
SHA512

19be7faa18081be4c44050a54d26ea662dae8220f0ab093a5dd659ba4ccab37ff57a221155bb7ab3a841d23ef5859b67ebbfda497d620565dd9eff8bc7347f93
SSDEEP

3072:/VhUTNt0TSmLGkhjKXFvIGk6H0ydpZTr5iSTNL9cEVz3CiODcRwZV:dkt0TSZkhWVvI+UupZTr5iSVrLmck

Score

10^/10

gh0strat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35212d6256a04fc5e0ece3985f15396b.exe

Resource

win7-20231215-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

35212d6256a04fc5e0ece3985f15396b.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  35212d6256a04fc5e0ece3985f15396b.exe
- Size
  
  150KB
- MD5
  
  35212d6256a04fc5e0ece3985f15396b
- SHA1
  
  cec766f69d2bbfa0260c7ad3ddb2ac131f193e8e
- SHA256
  
  14e9f6b17758c84db9a2cc42f99ee091de58922a796c343cff0f5ed3d3cd8835
- SHA512
  
  19be7faa18081be4c44050a54d26ea662dae8220f0ab093a5dd659ba4ccab37ff57a221155bb7ab3a841d23ef5859b67ebbfda497d620565dd9eff8bc7347f93
- SSDEEP
  
  3072:/VhUTNt0TSmLGkhjKXFvIGk6H0ydpZTr5iSTNL9cEVz3CiODcRwZV:dkt0TSZkhWVvI+UupZTr5iSVrLmck
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy