gh0strat | 896679389fe34c785b9cfa9b82f40a9d425d82c99eb60dd044290b903d147646

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 20:49

Target

896679389fe34c785b9cfa9b82f40a9d425d82c99eb60dd044290b903d147646.exe
Size

1.4MB
MD5

81c9cc32789ba6be901e2c9ab6b523dd
SHA1

1ab0a4681c91be6b579b06c7dc86ab9852f3dd6c
SHA256

896679389fe34c785b9cfa9b82f40a9d425d82c99eb60dd044290b903d147646
SHA512

0ce97e53c2e814b3ab3aca0ca9e28f0b8c600f90bc070a81f40f33e6c2a48584d641adac2215f72ba1c8d4476f6e1d1070f43b3f638434d9fcea6b2bba643a86
SSDEEP

12288:gE4VtOdKUTUYJEPJ++/Ms2LhUyEQgR1O:gE4ViJ4sEQmMBUbQgb

Score

10^/10

gh0strat rat

Gh0st RAT payload 2 IoCs

resource	yara_rule
behavioral2/memory/2252-1-0x0000000010000000-0x0000000010015000-memory.dmp	family_gh0strat
behavioral2/memory/2252-4-0x00000000004F0000-0x000000000067E000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

C:\Users\Admin\AppData\Local\Temp\896679389fe34c785b9cfa9b82f40a9d425d82c99eb60dd044290b903d147646.exe
"C:\Users\Admin\AppData\Local\Temp\896679389fe34c785b9cfa9b82f40a9d425d82c99eb60dd044290b903d147646.exe"
1⤵
PID:2252

memory/2252-0-0x00000000004F0000-0x000000000067E000-memory.dmp

Filesize
1.6MB

Download
memory/2252-1-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2252-4-0x00000000004F0000-0x000000000067E000-memory.dmp

Filesize
1.6MB

Download