gh0strat | ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba | Triage

Submit
Reports

Overview

overview

Static

static

ea41205ffa...ba.dll

windows7-x64

3

ea41205ffa...ba.dll

windows10-2004-x64

Sharing

General

Target

ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba
Size

1.3MB
Sample

240914-yxxwvstcnn
MD5

07056e507f43aadea1eb5a75e0446d12
SHA1

563bc6a858f9e4d65e36ba4cea3089e0797ce85d
SHA256

ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba
SHA512

fc4267ac829beab052dfaa3446f674d8f73c28b2d024c9e56149dc3f85496a11b4362d48e7e9d493b518e1ca1a135a8b209d88de8f84eebfd0212b71a220c650
SSDEEP

24576:lJNMhuvVDL87GQiga0CrwZ9mvuefA0V8MlK6B2fr4M5AncIrP/MtR5tDV/V:3Y7BV

Score

10^/10

gh0strat discovery rat upx

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba.dll

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba.dll

Resource

win10v2004-20240802-en

gh0strat discovery rat upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba
- Size
  
  1.3MB
- MD5
  
  07056e507f43aadea1eb5a75e0446d12
- SHA1
  
  563bc6a858f9e4d65e36ba4cea3089e0797ce85d
- SHA256
  
  ea41205ffaa7b70b48672874dbdff5cd080b9af44c51487ab30bc361eebf16ba
- SHA512
  
  fc4267ac829beab052dfaa3446f674d8f73c28b2d024c9e56149dc3f85496a11b4362d48e7e9d493b518e1ca1a135a8b209d88de8f84eebfd0212b71a220c650
- SSDEEP
  
  24576:lJNMhuvVDL87GQiga0CrwZ9mvuefA0V8MlK6B2fr4M5AncIrP/MtR5tDV/V:3Y7BV
Score

10^/10

discovery gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratdiscoveryratupx

© 2018-2025

Terms | Privacy