gh0strat | 94f91c8f8d82ab66f0dd9cd6de802f2779281c7f9d5811afe8279f59213cb571 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-11-14...er.exe

windows7-x64

2024-11-14...er.exe

windows10-2004-x64

Sharing

General

Target

2024-11-14_64fb8213dd0b059147e3fb0e1b7caf64_hijackloader_icedid_luca-stealer
Size

4.4MB
Sample

241114-lryjzsxdpj
MD5

64fb8213dd0b059147e3fb0e1b7caf64
SHA1

52064945e1381eb65739cb82fd031410daa3a095
SHA256

94f91c8f8d82ab66f0dd9cd6de802f2779281c7f9d5811afe8279f59213cb571
SHA512

d42d28c66c1f8a6e560750650ff31ea9f4c4b60540fd4cbe0ad9dd1201264a3a411ce1d328bc125df4159b5125800e53e7b80c06e84be14321cab229deb8b048
SSDEEP

49152:IYREXSVMDi3Rx/bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27z:J2SVMD8T/bXsPN5kiQaZ56

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-11-14_64fb8213dd0b059147e3fb0e1b7caf64_hijackloader_icedid_luca-stealer.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-11-14_64fb8213dd0b059147e3fb0e1b7caf64_hijackloader_icedid_luca-stealer.exe

Resource

win10v2004-20241007-en

gh0strat discovery persistence rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-11-14_64fb8213dd0b059147e3fb0e1b7caf64_hijackloader_icedid_luca-stealer
- Size
  
  4.4MB
- MD5
  
  64fb8213dd0b059147e3fb0e1b7caf64
- SHA1
  
  52064945e1381eb65739cb82fd031410daa3a095
- SHA256
  
  94f91c8f8d82ab66f0dd9cd6de802f2779281c7f9d5811afe8279f59213cb571
- SHA512
  
  d42d28c66c1f8a6e560750650ff31ea9f4c4b60540fd4cbe0ad9dd1201264a3a411ce1d328bc125df4159b5125800e53e7b80c06e84be14321cab229deb8b048
- SSDEEP
  
  49152:IYREXSVMDi3Rx/bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8ITDnl27z:J2SVMD8T/bXsPN5kiQaZ56
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2024

Terms | Privacy