gh0strat | b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131 | Triage

Submit
Reports

Overview

overview

Static

static

3

b38f58cbfa...31.exe

windows7-x64

b38f58cbfa...31.exe

windows10-2004-x64

Sharing

General

Target

b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131
Size

1.2MB
Sample

241115-hvslcs1ame
MD5

256a3c053b2be31b33844f0aec28d6f7
SHA1

b40288bee799bb2d1e049161b0492283cb9fe41c
SHA256

b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131
SHA512

60be9ce431daab1cc40145ebe3e9fc9d538c7e4682f3167068f57355dbbab23329688fa61a45acaa3c958dc33ba4ea6b759f3eac24183c5ca7212875087c3aaf
SSDEEP

24576:YBcKhZKD2lG4HxeM2jO0HXflRRbKJpM8hhMPh2f3OaArF:ycKNlG4Hx7v0HXdKJCoqg3Or

Score

10^/10

gh0strat discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131.exe

Resource

win7-20240903-en

gh0strat discovery rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131.exe

Resource

win10v2004-20241007-en

gh0strat discovery rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131
- Size
  
  1.2MB
- MD5
  
  256a3c053b2be31b33844f0aec28d6f7
- SHA1
  
  b40288bee799bb2d1e049161b0492283cb9fe41c
- SHA256
  
  b38f58cbfae22f29a973785149121b140f90490d8c688af59854706b38154131
- SHA512
  
  60be9ce431daab1cc40145ebe3e9fc9d538c7e4682f3167068f57355dbbab23329688fa61a45acaa3c958dc33ba4ea6b759f3eac24183c5ca7212875087c3aaf
- SSDEEP
  
  24576:YBcKhZKD2lG4HxeM2jO0HXflRRbKJpM8hhMPh2f3OaArF:ycKNlG4Hx7v0HXdKJCoqg3Or
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2024

Terms | Privacy