gh0strat | 3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e | Triage

Submit
Reports

Overview

overview

Static

static

3

3bd55e9d50...7e.exe

windows7-x64

3bd55e9d50...7e.exe

windows10-2004-x64

Sharing

General

Target

3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e
Size

1.2MB
Sample

241110-ntw52swcpj
MD5

2ddbf66f1c646998ec9331c068920374
SHA1

f69474df86eb5fb88867f8c57195316e151b8da9
SHA256

3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e
SHA512

c0a76767f05d28a0fe05a96702ce72c60ba5230272ac32acf24c61a7d04ed594f274a30d26b8d97fb0c2283fc24e5dc90b0522067efae405d389ced694c3703d
SSDEEP

24576:NYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnsyzv:NYREXSVMDi3n

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e.exe

Resource

win10v2004-20241007-en

gh0strat discovery persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e
- Size
  
  1.2MB
- MD5
  
  2ddbf66f1c646998ec9331c068920374
- SHA1
  
  f69474df86eb5fb88867f8c57195316e151b8da9
- SHA256
  
  3bd55e9d504dfe3abb44a3b167e0f8733eaf6287fc7b52de8bc7e028483e9b7e
- SHA512
  
  c0a76767f05d28a0fe05a96702ce72c60ba5230272ac32acf24c61a7d04ed594f274a30d26b8d97fb0c2283fc24e5dc90b0522067efae405d389ced694c3703d
- SSDEEP
  
  24576:NYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnsyzv:NYREXSVMDi3n
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2024

Terms | Privacy