gh0strat | cf8868488265099f27203aff7ff4881ae8ae383d9086a4b02865223783b69b29 | Triage

Sharing

General

Target

cf8868488265099f27203aff7ff4881ae8ae383d9086a4b02865223783b69b29
Size

1.4MB
Sample

240526-c21mnace76
MD5

4f5ab30c2cb5f48a10d6f332815058e3
SHA1

f58723681d2c514dcfea6db62a535d18b7f29355
SHA256

cf8868488265099f27203aff7ff4881ae8ae383d9086a4b02865223783b69b29
SHA512

24412038b8596712aa400f2b69e1e0909d47544b11ec466845cef2dcd0fed6d4cdbcda0586b90b08ba194ba4666aa608074e1a7b6cc8de9be82876c08554882c
SSDEEP

24576:iYFbkIsaPiXSVnC7Yp9zkNmZG8RRlngyzHiA:iYREXSVMDi3H

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  cf8868488265099f27203aff7ff4881ae8ae383d9086a4b02865223783b69b29
- Size
  
  1.4MB
- MD5
  
  4f5ab30c2cb5f48a10d6f332815058e3
- SHA1
  
  f58723681d2c514dcfea6db62a535d18b7f29355
- SHA256
  
  cf8868488265099f27203aff7ff4881ae8ae383d9086a4b02865223783b69b29
- SHA512
  
  24412038b8596712aa400f2b69e1e0909d47544b11ec466845cef2dcd0fed6d4cdbcda0586b90b08ba194ba4666aa608074e1a7b6cc8de9be82876c08554882c
- SSDEEP
  
  24576:iYFbkIsaPiXSVnC7Yp9zkNmZG8RRlngyzHiA:iYREXSVMDi3H
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat