gh0strat | f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20 | Triage

Submit
Reports

Overview

overview

Static

static

f332e2f300...20.exe

windows7-x64

f332e2f300...20.exe

windows10-2004-x64

Sharing

General

Target

f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20
Size

2.4MB
Sample

241226-lqreaaspcm
MD5

aa89115709cd72b95d39415755ffbda0
SHA1

9417f30d4c9499b88abd9de8a51fa30e0c8898c5
SHA256

f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20
SHA512

1a3875299cabfd7658d9d50b7c46ce4aa4a70c89dfe06905cbd0132a618ddac6ad22acd166af7436c8bedf4fc94384e77f682111b4179fbd3d3c4a47bbaa5394
SSDEEP

24576:oYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9LyzCCgjBAeu8iuUHGzkuBhzy2F+yVICFP5:oYREXSVMKi3VCI7XBE2IuF64rIlmdii

Score

10^/10

gh0strat mimikatz discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20.exe

Resource

win7-20241023-en

gh0strat mimikatz discovery persistence rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20.exe

Resource

win10v2004-20241007-en

gh0strat mimikatz discovery persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20
- Size
  
  2.4MB
- MD5
  
  aa89115709cd72b95d39415755ffbda0
- SHA1
  
  9417f30d4c9499b88abd9de8a51fa30e0c8898c5
- SHA256
  
  f332e2f30070ae793d13b5664acec47dc140270825144e69cfc5859d5cce8d20
- SHA512
  
  1a3875299cabfd7658d9d50b7c46ce4aa4a70c89dfe06905cbd0132a618ddac6ad22acd166af7436c8bedf4fc94384e77f682111b4179fbd3d3c4a47bbaa5394
- SSDEEP
  
  24576:oYFbkIsaPiXSVnC7Yp9zjNmZG8RRl9LyzCCgjBAeu8iuUHGzkuBhzy2F+yVICFP5:oYREXSVMKi3VCI7XBE2IuF64rIlmdii
Score

10^/10

gh0strat mimikatz discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratmimikatzdiscoverypersistencerat

behavioral2

gh0stratmimikatzdiscoverypersistencerat

© 2018-2024

Terms | Privacy