gh0strat | 5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c | Triage

Submit
Reports

Overview

overview

Static

static

5c67caa74d...9c.dll

windows7-x64

5c67caa74d...9c.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c
Size

51KB
Sample

240623-3t9hpsyela
MD5

8bacec42b001b43ba6dc3b79b1cc4b76
SHA1

d11180fc070f5f4fc3604663c69ea5074bef4884
SHA256

5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c
SHA512

d46544d544663ed74f53793af2b1f38940567667aa51f88f60a05112448ee29f79346d88633aa6d052812501ecec1bca455bf9a295d8c98aff4def4f1aa8c9e4
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLjJYH5:1dWubF3n9S91BF3fboXJYH5

Score

10^/10

gh0strat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c.dll

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c.dll

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

- Target
  
  5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c
- Size
  
  51KB
- MD5
  
  8bacec42b001b43ba6dc3b79b1cc4b76
- SHA1
  
  d11180fc070f5f4fc3604663c69ea5074bef4884
- SHA256
  
  5c67caa74de6ae51d4715348f2a0c8708ee42e9c78b586d7fc691bd279f3469c
- SHA512
  
  d46544d544663ed74f53793af2b1f38940567667aa51f88f60a05112448ee29f79346d88633aa6d052812501ecec1bca455bf9a295d8c98aff4def4f1aa8c9e4
- SSDEEP
  
  1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLjJYH5:1dWubF3n9S91BF3fboXJYH5
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy