gh0strat | bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513 | Triage

Submit
Reports

Overview

overview

Static

static

bf052aefb3...13.dll

windows7-x64

bf052aefb3...13.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513
Size

51KB
Sample

240812-fdte8azgqa
MD5

04bf7589657843ed3b0c010ca35b7a21
SHA1

c7af1f8aa79e4b7cd0424d1453ef35025451f77e
SHA256

bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513
SHA512

6205a2d290cb68c82b5756f5b0fb6ac1bed1c72e506065a708450379eba6f9e35256ba85c2bc0cca94c7c54674e7df82bc12a8d36d940543e3c27a89de046fb1
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLFJYH5:1dWubF3n9S91BF3fboxJYH5

Score

10^/10

gh0strat discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513.dll

Resource

win7-20240704-en

gh0strat discovery rat

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513.dll

Resource

win10v2004-20240802-en

gh0strat discovery rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

- Target
  
  bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513
- Size
  
  51KB
- MD5
  
  04bf7589657843ed3b0c010ca35b7a21
- SHA1
  
  c7af1f8aa79e4b7cd0424d1453ef35025451f77e
- SHA256
  
  bf052aefb37b7741aedb23c79e9aca9a312a6766f5c2035941f7a24cc3f3c513
- SHA512
  
  6205a2d290cb68c82b5756f5b0fb6ac1bed1c72e506065a708450379eba6f9e35256ba85c2bc0cca94c7c54674e7df82bc12a8d36d940543e3c27a89de046fb1
- SSDEEP
  
  1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLFJYH5:1dWubF3n9S91BF3fboxJYH5
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2025

Terms | Privacy