gh0strat | a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
Size

1.2MB
MD5

040d50a1687412961e3ffa248fffbe5b
SHA1

b7320652f37feba0e1f6184a421e636f46f33c50
SHA256

a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118
SHA512

92cbfe7a3e4f73e5bf16c201cbe53afdb40e9d3564e46a4ed90f1a1af75425b42eadef516003e74aeea2d59989c3587115cff20faa3a71aa667290627b30cd14
SSDEEP

24576:h2US/bDqmLBq25dwxZVPX8D/erEFyrWCuCJa+mHH7K:h21qiBH0VP2eAnXCJx62

Score

10^/10

gh0strat rat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/1996-8698-0x0000000000400000-0x0000000000590000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

Suspicious use of NtSetInformationThreadHideFromDebugger 28 IoCs

pid	Process
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1996	a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe

C:\Users\Admin\AppData\Local\Temp\a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe
"C:\Users\Admin\AppData\Local\Temp\a8202f8a70a8293c62f2a7fe10d8b1a428842c36d76f5299ee76041e0bbe2118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: RenamesItself
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-0-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/1996-1-0x0000000076050000-0x0000000076097000-memory.dmp

Filesize
284KB

Download
memory/1996-812-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-811-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-814-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-816-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-818-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-820-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-822-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-824-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-826-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-828-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-830-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-832-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-834-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-836-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-838-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-840-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-842-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-844-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-846-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-848-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-850-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-852-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-854-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-856-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-858-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-860-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-862-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-864-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-866-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-868-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-870-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-872-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-2547-0x0000000002070000-0x00000000021F1000-memory.dmp

Filesize
1.5MB

Download
memory/1996-8689-0x0000000002320000-0x0000000002431000-memory.dmp

Filesize
1.1MB

Download
memory/1996-8694-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/1996-8698-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads