gh0strat | ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff | Triage

Submit
Reports

Overview

overview

Static

static

3

ff4967aa2c...ff.exe

windows7-x64

ff4967aa2c...ff.exe

windows10-2004-x64

3

Sharing

General

Target

ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff
Size

1.3MB
Sample

250125-r7j97axmcx
MD5

55645546b1914c2701df42bc676bd482
SHA1

9e53f78f1b7eb9e5fd47114e5e77738a58e5abdb
SHA256

ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff
SHA512

d643f34610417a95a9bebe0b95ee1efcc408c4974b7ddb3a3e864c6e5f39744f79b316cd5b187425b13e6d08eefa7d1900d4bf2037507652c00bee599444adb4
SSDEEP

24576:Uh4cQjmoXnx/Oz+lOTKOHsQlr7K6WVZ6GwuwTbhEkA7u9:UqEqlZlOe/1bwvTbhE5y

Score

10^/10

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff.exe

Resource

win7-20240903-en

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff
- Size
  
  1.3MB
- MD5
  
  55645546b1914c2701df42bc676bd482
- SHA1
  
  9e53f78f1b7eb9e5fd47114e5e77738a58e5abdb
- SHA256
  
  ff4967aa2cefcb0628fdc68040621351b14ea20b28a339b42e57cd3c4f35e7ff
- SHA512
  
  d643f34610417a95a9bebe0b95ee1efcc408c4974b7ddb3a3e864c6e5f39744f79b316cd5b187425b13e6d08eefa7d1900d4bf2037507652c00bee599444adb4
- SSDEEP
  
  24576:Uh4cQjmoXnx/Oz+lOTKOHsQlr7K6WVZ6GwuwTbhEkA7u9:UqEqlZlOe/1bwvTbhE5y
Score

10^/10

gh0strat ramnit banker discovery rat spyware stealer trojan upx worm
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratramnitbankerdiscoveryratspywarestealertrojanupxworm

behavioral2

© 2018-2025

Terms | Privacy