gh0strat | 84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee | Triage

Submit
Reports

Overview

overview

Static

static

3

84fe6ff652...ee.exe

windows7-x64

84fe6ff652...ee.exe

windows10-2004-x64

Sharing

General

Target

84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee
Size

4.8MB
Sample

240625-1xtkjsydjj
MD5

f379e23fdf5a4cd4c9db3c4dfcc19eec
SHA1

2a48345da76480fd69fc0900acefeb66db4c48bc
SHA256

84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee
SHA512

9e341afb18dcdea52069c885e1c42c63a95874b1e744ba9c30941edf84cdcd3a4adf75871d00962e72720e4dda6345724f1fb5c5b34ae3d42ad578a516424f58
SSDEEP

49152:kYREXSVMDi3UXipThIbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDG:d2SVMD8UkhIbXsPN5kiQaZ56

Score

10^/10

gh0strat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee.exe

Resource

win7-20240508-en

gh0strat persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee.exe

Resource

win10v2004-20240611-en

gh0strat persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee
- Size
  
  4.8MB
- MD5
  
  f379e23fdf5a4cd4c9db3c4dfcc19eec
- SHA1
  
  2a48345da76480fd69fc0900acefeb66db4c48bc
- SHA256
  
  84fe6ff652e079ae7278a707268163db03d90c46f3c209b72315b380d0a283ee
- SHA512
  
  9e341afb18dcdea52069c885e1c42c63a95874b1e744ba9c30941edf84cdcd3a4adf75871d00962e72720e4dda6345724f1fb5c5b34ae3d42ad578a516424f58
- SSDEEP
  
  49152:kYREXSVMDi3UXipThIbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDG:d2SVMD8UkhIbXsPN5kiQaZ56
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy