gh0strat | bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee | Triage

Submit
Reports

Overview

overview

Static

static

bb0b28e42d...ee.dll

windows7-x64

bb0b28e42d...ee.dll

windows10-2004-x64

Sharing

General

Target

bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee
Size

51KB
Sample

241114-br74bawkhj
MD5

ea2f5392f5e25ee0abc25e10958e9a21
SHA1

8356fe4678da4aeaac05c47e5b3653d9004970e4
SHA256

bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee
SHA512

44faa0b9d72347494e5560d7f384c86f6c717c2de08d3184bca58f652c7abbaaa14840aa771a4aaedbcbe7c419f6b12d1471a5456ad9f412c1299eb1124348e5
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLOJYH5:1dWubF3n9S91BF3fboyJYH5

Score

10^/10

gh0strat discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee.dll

Resource

win7-20240903-en

gh0strat discovery rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee.dll

Resource

win10v2004-20241007-en

gh0strat discovery rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

kinh.xmcxmr.com

Targets

- Target
  
  bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee
- Size
  
  51KB
- MD5
  
  ea2f5392f5e25ee0abc25e10958e9a21
- SHA1
  
  8356fe4678da4aeaac05c47e5b3653d9004970e4
- SHA256
  
  bb0b28e42d46442874d3709e8c6f4787f2534b29f61ccb4c6fc13a21ac21fdee
- SHA512
  
  44faa0b9d72347494e5560d7f384c86f6c717c2de08d3184bca58f652c7abbaaa14840aa771a4aaedbcbe7c419f6b12d1471a5456ad9f412c1299eb1124348e5
- SSDEEP
  
  1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLOJYH5:1dWubF3n9S91BF3fboyJYH5
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2024

Terms | Privacy