gh0strat | 3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408 | Triage

Submit
Reports

Overview

overview

Static

static

3e9a27ab25...08.dll

windows7-x64

3e9a27ab25...08.dll

windows10-2004-x64

Sharing

General

Target

3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408
Size

899KB
Sample

241114-wn6ras1hpa
MD5

b05ce714fe68b729eeb8370844071193
SHA1

ec7e48354104c64985f999c9d36195c63665c9f3
SHA256

3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408
SHA512

0c1e58dc0a800df3322ae495858de3e00acd68b539cb64e327f75268ee48fda588d768bb7a058abd3bbb57bf73653606ee5eeed51e4b0395aafb5bc8e2b4c3ca
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXu:7wqd87Vu

Score

10^/10

gh0strat discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408.dll

Resource

win7-20240903-en

gh0strat discovery rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408.dll

Resource

win10v2004-20241007-en

gh0strat discovery rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gh0strat

C2

hackerinvasion.f3322.net

Targets

- Target
  
  3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408
- Size
  
  899KB
- MD5
  
  b05ce714fe68b729eeb8370844071193
- SHA1
  
  ec7e48354104c64985f999c9d36195c63665c9f3
- SHA256
  
  3e9a27ab25dd69d705b9aba6f1ca1b23cbee9b406b4d172c6d33cc5ea17b7408
- SHA512
  
  0c1e58dc0a800df3322ae495858de3e00acd68b539cb64e327f75268ee48fda588d768bb7a058abd3bbb57bf73653606ee5eeed51e4b0395aafb5bc8e2b4c3ca
- SSDEEP
  
  24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXu:7wqd87Vu
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2024

Terms | Privacy