gh0strat | f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac | Triage

Submit
Reports

Overview

overview

Static

static

3

f6d6f15d54...ac.exe

windows7-x64

f6d6f15d54...ac.exe

windows10-2004-x64

Sharing

General

Target

f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac
Size

2.7MB
Sample

250127-3s3nrszpep
MD5

c8efce2b10d2aa07c95e0cc749ecf500
SHA1

c192a97c4839e0bcb84e05552b3fa78723b28554
SHA256

f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac
SHA512

c657e4e5743265ee41f8ca6d806d589183aa3203f957831ec07c3d79a55378db06b42b878138ce7631c9051a7dcf9fc1e7308d944308e9eb934f744d5a5766a7
SSDEEP

49152:nYREXSVMKi3MsS7+XGwv2tP1zTPADnWPMklKu8bi4O8b8ITDnl13S:Y2SVMK8MsS7+Wwv2tP1PPknK

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac.exe

Resource

win10v2004-20241007-en

gh0strat discovery persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac
- Size
  
  2.7MB
- MD5
  
  c8efce2b10d2aa07c95e0cc749ecf500
- SHA1
  
  c192a97c4839e0bcb84e05552b3fa78723b28554
- SHA256
  
  f6d6f15d5423791e7919c951f5b0554982b94bc0e6bcdb71d01e1f7fdef690ac
- SHA512
  
  c657e4e5743265ee41f8ca6d806d589183aa3203f957831ec07c3d79a55378db06b42b878138ce7631c9051a7dcf9fc1e7308d944308e9eb934f744d5a5766a7
- SSDEEP
  
  49152:nYREXSVMKi3MsS7+XGwv2tP1zTPADnWPMklKu8bi4O8b8ITDnl13S:Y2SVMK8MsS7+Wwv2tP1PPknK
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy