gh0strat | 8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303 | Triage

Submit
Reports

Overview

overview

Static

static

7

8473d4b398...03.exe

windows7-x64

8473d4b398...03.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303
Size

133KB
Sample

240912-lxs7fs1fjd
MD5

395bb7ea9944773809df27b69422d67b
SHA1

0c422257fa0917e4e176a74dc46f059abc8859f4
SHA256

8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303
SHA512

12ef46e547db9a13969300e7a4723aa0ab4f99229f68c528c140f0da8967267dea65004306b9b63476612567bc3103e4b6bb273f2162f3a06f2a1d6912e61d64
SSDEEP

3072:6yIpG2/iDbYvGY4/BL/MDOw//5zzDVL7Jjk/dR8iV:rIposOpwJzzi8iV

Score

10^/10

gh0strat discovery persistence rat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303.exe

Resource

win7-20240903-en

gh0strat discovery rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

10.111.253.140

Targets

- Target
  
  8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303
- Size
  
  133KB
- MD5
  
  395bb7ea9944773809df27b69422d67b
- SHA1
  
  0c422257fa0917e4e176a74dc46f059abc8859f4
- SHA256
  
  8473d4b398a72605f8cfbffbc45709f9267a173208cb8814caba98b4d8c53303
- SHA512
  
  12ef46e547db9a13969300e7a4723aa0ab4f99229f68c528c140f0da8967267dea65004306b9b63476612567bc3103e4b6bb273f2162f3a06f2a1d6912e61d64
- SSDEEP
  
  3072:6yIpG2/iDbYvGY4/BL/MDOw//5zzDVL7Jjk/dR8iV:rIposOpwJzzi8iV
Score

10^/10

gh0strat discovery rat upx persistence
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryratupx

behavioral2

gh0stratdiscoverypersistenceratupx

© 2018-2025

Terms | Privacy