gh0strat | 0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce | Triage

Submit
Reports

Overview

overview

Static

static

3

0db3f06e28...ce.exe

windows7-x64

0db3f06e28...ce.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce
Size

966KB
Sample

240919-vyfges1dlr
MD5

4bc03c18a07b850c92d833e765f119b6
SHA1

68a71fbb13bfea5f9c122b5beae439b5d2523910
SHA256

0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce
SHA512

404769902f61a1ace8554c339cc9b3e092d0372f985117167b3451975b40d437b616104bbb625c6fcd8f91665b1d442b6609abf4dcdbff3a0d29bb1c13733cca
SSDEEP

24576:HSVUz1RXA3QCUd5vHyaJ6IBrqbaO9iipSKJ53a:yiAyKaUIUEmS1

Score

10^/10

gh0strat discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce.exe

Resource

win7-20240903-en

gh0strat discovery rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce.exe

Resource

win10v2004-20240802-en

gh0strat discovery rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce
- Size
  
  966KB
- MD5
  
  4bc03c18a07b850c92d833e765f119b6
- SHA1
  
  68a71fbb13bfea5f9c122b5beae439b5d2523910
- SHA256
  
  0db3f06e287e53fc06f6392cd441b79c57a936860ed2cec462d9f12f186b59ce
- SHA512
  
  404769902f61a1ace8554c339cc9b3e092d0372f985117167b3451975b40d437b616104bbb625c6fcd8f91665b1d442b6609abf4dcdbff3a0d29bb1c13733cca
- SSDEEP
  
  24576:HSVUz1RXA3QCUd5vHyaJ6IBrqbaO9iipSKJ53a:yiAyKaUIUEmS1
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2025

Terms | Privacy