gh0strat

General

Target

505c37f747bd2d9da5f751c9b4e30a8b3df163b0b4b9dee0a922ca76acf8b358N
Size

2.0MB
Sample

241111-ys2z1svgjk
MD5

046a66194b145155547f2e073bf48de0
SHA1

3d75bac17cd25ba5d5a703eb7a78eb2981de1601
SHA256

505c37f747bd2d9da5f751c9b4e30a8b3df163b0b4b9dee0a922ca76acf8b358
SHA512

9edd55351b014b1ed88f6c40c96d8353345da0480bbba850aec0eec1efa827dc677f17bdca466b59c71c59e6f57f7bb1ed82476ecd48569b741f8b46814775e8
SSDEEP

49152:AsUFb5hAzXPJwp7VMrEre5TGjpWr4OMzA3xu:A/5hmup7VQEcGjp5Oho

Score

10^/10

Malware Config

Targets

- Target
  
  505c37f747bd2d9da5f751c9b4e30a8b3df163b0b4b9dee0a922ca76acf8b358N
- Size
  
  2.0MB
- MD5
  
  046a66194b145155547f2e073bf48de0
- SHA1
  
  3d75bac17cd25ba5d5a703eb7a78eb2981de1601
- SHA256
  
  505c37f747bd2d9da5f751c9b4e30a8b3df163b0b4b9dee0a922ca76acf8b358
- SHA512
  
  9edd55351b014b1ed88f6c40c96d8353345da0480bbba850aec0eec1efa827dc677f17bdca466b59c71c59e6f57f7bb1ed82476ecd48569b741f8b46814775e8
- SSDEEP
  
  49152:AsUFb5hAzXPJwp7VMrEre5TGjpWr4OMzA3xu:A/5hmup7VQEcGjp5Oho
Score

10^/10

gh0strat discovery persistence rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  svchost.exe
- Size
  
  356KB
- MD5
  
  226acfd69bc51501aee94e26faeecca0
- SHA1
  
  853026144840a8a7c73ed8a30e54a4afe20c4020
- SHA256
  
  7fd05bb83ca8937c02eaab2259c9ce0c2e542507ccc935e9093e2ead088015b5
- SHA512
  
  219433a7ecfb4aaa109bbd9a0dacdf46fc6b9a9a99caa022e9d055de307f7f08fd420a37b68a8593d620204df9b2678c70c768fd3cd68a12d5e1fe92b1da0daa
- SSDEEP
  
  6144:Gh1u3c9FNN8tyE096wgvRHCzOYtqlGyzcsX3KA0LQIQRD:E1uM9FNaty13gNCpOdn/u8
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  ๦ܸ1.2.exe
- Size
  
  2.5MB
- MD5
  
  b039a3ca7638a7a0203e8bd3c9c6a597
- SHA1
  
  c105c0d447761a827b68553b8923bb97746516df
- SHA256
  
  c3fa1761a31ef908212fb3826eebb012011d6512f8280beef3a6d65cab04fc13
- SHA512
  
  abfa1b8036a4c9f7ec3c34413a774c01429a5843354120ef9c76fadffd5509396d03da50df635283ebfd0dfb8ee5b13e4b92e28b7c049c8075618243a96840a9
- SSDEEP
  
  49152:SZi+qP9pXzzeOqdwk0cQHGiYYSzSY5voVU7zQYKgcMTztH8pV6g9:SC9pjzeOqdwkLQHHhsSYt83gcOH8ag9
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6