gh0strat | e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d | Triage

Submit
Reports

Overview

overview

Static

static

3

e8b47dc9b7...2d.exe

windows7-x64

e8b47dc9b7...2d.exe

windows10-2004-x64

Sharing

General

Target

e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
Size

2.3MB
Sample

240425-qkxfkaba9v
MD5

5bd70186899c032e2f05fe9894c02698
SHA1

5a3a792a406f7a75c58e1b72fe24acffb8b088bd
SHA256

e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
SHA512

1049c54a7c2ccd36bef6cee5853da8e931889fbe045b0a189e6d13090df8b443ed228f3abe9ba4dc8338eee3a97fd6b6e2a5267e35f9a90a8b35cf109c0ea790
SSDEEP

49152:x1vKR2L2PzCOXeiBFuKqFt9yW3Dv5lju+AVJ366N5zr9pgNrZgX8IwQk0:v8TeEFuKqFtcWTRljuZj9pigX8If

Score

10^/10

gh0strat evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d.exe

Resource

win7-20240221-en

gh0strat evasion rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d.exe

Resource

win10v2004-20240412-en

gh0strat evasion rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
- Size
  
  2.3MB
- MD5
  
  5bd70186899c032e2f05fe9894c02698
- SHA1
  
  5a3a792a406f7a75c58e1b72fe24acffb8b088bd
- SHA256
  
  e8b47dc9b7ef12f900b0bd04b47af64527a12fda9e08dfa67ae6c39b55d9f02d
- SHA512
  
  1049c54a7c2ccd36bef6cee5853da8e931889fbe045b0a189e6d13090df8b443ed228f3abe9ba4dc8338eee3a97fd6b6e2a5267e35f9a90a8b35cf109c0ea790
- SSDEEP
  
  49152:x1vKR2L2PzCOXeiBFuKqFt9yW3Dv5lju+AVJ366N5zr9pgNrZgX8IwQk0:v8TeEFuKqFtcWTRljuZj9pigX8If
Score

10^/10

gh0strat evasion rat trojan upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gh0stratevasionrattrojanupx

behavioral2

gh0stratevasionrattrojanupx

© 2018-2024

Terms | Privacy