gh0strat | 75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e | Triage

Submit
Reports

Overview

overview

Static

static

3

75349d0a4c...1e.exe

windows7-x64

75349d0a4c...1e.exe

windows10-2004-x64

Sharing

General

Target

75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e
Size

10.3MB
Sample

240525-yxq4bagg2t
MD5

fd188fc54707f4d8d937f477b531f134
SHA1

e5b80f5af6d5dc5359531619434080e7c60b9ca7
SHA256

75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e
SHA512

dcd26212ee963c28a29296a3b3a4d1357925ec8a23dc4e3baa9ccf1ba86ef86e398f1dc4b4e8d48ed971ed805bd5bd217032445badc1801c8594780a3806c8a3
SSDEEP

98304:F2SVMD8F+iMXkK2zxS2I1XtNEUf42MfPU1gBIBcjyaEIlWyZ6D:NDVMXk0XXtNEO2c1vBcje

Score

10^/10

gh0strat persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e.exe

Resource

win7-20240221-en

gh0strat persistence rat upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e.exe

Resource

win10v2004-20240508-en

gh0strat persistence rat upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e
- Size
  
  10.3MB
- MD5
  
  fd188fc54707f4d8d937f477b531f134
- SHA1
  
  e5b80f5af6d5dc5359531619434080e7c60b9ca7
- SHA256
  
  75349d0a4c6ee7c9da68a37a2f29bf5daaf25be4cc87bde3a77b0ef18444d51e
- SHA512
  
  dcd26212ee963c28a29296a3b3a4d1357925ec8a23dc4e3baa9ccf1ba86ef86e398f1dc4b4e8d48ed971ed805bd5bd217032445badc1801c8594780a3806c8a3
- SSDEEP
  
  98304:F2SVMD8F+iMXkK2zxS2I1XtNEUf42MfPU1gBIBcjyaEIlWyZ6D:NDVMXk0XXtNEO2c1vBcje
Score

10^/10

gh0strat persistence rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistenceratupx

behavioral2

gh0stratpersistenceratupx

© 2018-2024

Terms | Privacy