gh0strat | 102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

102a7c5523...9a.dll

windows7-x64

102a7c5523...9a.dll

windows10-2004-x64

Sharing

General

Target

102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a
Size

51KB
Sample

240524-ryb78ahd2w
MD5

d0f3718f05b2ee0ede6953ee5a02c5b1
SHA1

0ca839305e027d7ac598fc5d06403c3b2c7a540a
SHA256

102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a
SHA512

83bee426db99a74374318b10650536717a23f4a53f196f82d00b56bdad245142c437c4dc02db99bc0c0c338da3a53ffde45c0a8dc0d9eeb8c6d86e06f9d410f8
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLgJYH5:1dWubF3n9S91BF3fbo0JYH5

Score

10^/10

gh0strat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a.dll

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

- Target
  
  102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a
- Size
  
  51KB
- MD5
  
  d0f3718f05b2ee0ede6953ee5a02c5b1
- SHA1
  
  0ca839305e027d7ac598fc5d06403c3b2c7a540a
- SHA256
  
  102a7c55239a05678a668ab8d212e9fe4ca80393abeeab39cdeb99002a739d9a
- SHA512
  
  83bee426db99a74374318b10650536717a23f4a53f196f82d00b56bdad245142c437c4dc02db99bc0c0c338da3a53ffde45c0a8dc0d9eeb8c6d86e06f9d410f8
- SSDEEP
  
  1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLgJYH5:1dWubF3n9S91BF3fbo0JYH5
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.