gh0strat | 991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

991ab695fa...b4.exe

windows7-x64

991ab695fa...b4.exe

windows10-2004-x64

3

Sharing

General

Target

991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4
Size

1012KB
Sample

250125-q3c5msvpbt
MD5

62a33979c72994636b33e540ef9bad43
SHA1

ebf4077318879583a050d779bd53a6178cb5e74b
SHA256

991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4
SHA512

e83f7d8861b8db6ead6991c54bee78602c49dfe24c5dd89bf0202f9c1e126b93a84ff594e50e4d34e9fcf75b1e636a1b8338141777838c45e2ea3e62952e4cd1
SSDEEP

24576:2YWHDaw5/sRwYkVrHHz+mWkXwHl8xHj8oKS6uXk4uK+5QpHqw5:2swuPkRTrzXcix8ekSdj

Score

10^/10

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4.exe

Resource

win7-20241023-en

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4
- Size
  
  1012KB
- MD5
  
  62a33979c72994636b33e540ef9bad43
- SHA1
  
  ebf4077318879583a050d779bd53a6178cb5e74b
- SHA256
  
  991ab695fa2cc9847d8c5b383ec68da2c91b06e1e169b4079abf5fc1c3d2d5b4
- SHA512
  
  e83f7d8861b8db6ead6991c54bee78602c49dfe24c5dd89bf0202f9c1e126b93a84ff594e50e4d34e9fcf75b1e636a1b8338141777838c45e2ea3e62952e4cd1
- SSDEEP
  
  24576:2YWHDaw5/sRwYkVrHHz+mWkXwHl8xHj8oKS6uXk4uK+5QpHqw5:2swuPkRTrzXcix8ekSdj
Score

10^/10

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratramnitbankerdiscoveryratspywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy