gh0strat | 9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66 | Triage

Sharing

General

Target

9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66
Size

1.5MB
Sample

240611-fjlmkawbjq
MD5

dbb12f3c0aabe1f6b1a07590759b4c78
SHA1

e5a68dec1f8c4404f460a32d14a315ab0861e180
SHA256

9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66
SHA512

dd8e7b2d64d9a59330eb9383c1e8662a54abd1dc58a6689e26aa9192dff97b72b5e009707eb9f30a3a9d8cb8fe15cd1ba5dccbb11d6b8fb1adf5d1de286b2ef9
SSDEEP

24576:MYFbkIsaPiXSVnC7Yp9zkNmZG8RRln8yzH5Ezj:MYREXSVMDi3ZEzj

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66
- Size
  
  1.5MB
- MD5
  
  dbb12f3c0aabe1f6b1a07590759b4c78
- SHA1
  
  e5a68dec1f8c4404f460a32d14a315ab0861e180
- SHA256
  
  9c762850f7c6268de0fda0271a8c2eea51d6a913d5d308415de597132ee2bd66
- SHA512
  
  dd8e7b2d64d9a59330eb9383c1e8662a54abd1dc58a6689e26aa9192dff97b72b5e009707eb9f30a3a9d8cb8fe15cd1ba5dccbb11d6b8fb1adf5d1de286b2ef9
- SSDEEP
  
  24576:MYFbkIsaPiXSVnC7Yp9zkNmZG8RRln8yzH5Ezj:MYREXSVMDi3ZEzj
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat