gh0strat | eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

eb7ea78760...42.exe

windows7-x64

eb7ea78760...42.exe

windows10-2004-x64

Sharing

General

Target

eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42
Size

440KB
Sample

240903-vjabvs1frq
MD5

f15baba91b0737d6dc709d94ba911b50
SHA1

e5e03d3569ca86314939a179779aea12528e6dcf
SHA256

eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42
SHA512

7b393520a63513b3a399b966d259de78072b30eea0c043bc3b560878e5069fd2ce80c11f8885ab9db7b9eea855451e2d24f412d44fd7c505b6ddf4c7497ea7ba
SSDEEP

3072:c2VdsaO1zWimMW8uZFij77tqjDAas6MgxvRzt7DBAw1BHn:Ka+aDA8HAas6MGZtnBTD

Score

10^/10

gh0strat discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42.exe

Resource

win7-20240903-en

gh0strat discovery rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42.exe

Resource

win10v2004-20240802-en

gh0strat discovery rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

qq.qqppf.com

Targets

- Target
  
  eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42
- Size
  
  440KB
- MD5
  
  f15baba91b0737d6dc709d94ba911b50
- SHA1
  
  e5e03d3569ca86314939a179779aea12528e6dcf
- SHA256
  
  eb7ea787601bf9cd644b6756db249a1c53f92a8552c1d4642d310c650b1c5e42
- SHA512
  
  7b393520a63513b3a399b966d259de78072b30eea0c043bc3b560878e5069fd2ce80c11f8885ab9db7b9eea855451e2d24f412d44fd7c505b6ddf4c7497ea7ba
- SSDEEP
  
  3072:c2VdsaO1zWimMW8uZFij77tqjDAas6MgxvRzt7DBAw1BHn:Ka+aDA8HAas6MGZtnBTD
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2025

Terms | Privacy