gh0strat | 08dea35cc0044a141f7509885d266dce877fb2ec5d0644e5a8c3bd8501a60bf8 | Triage

Sharing

General

Target

08dea35cc0044a141f7509885d266dce877fb2ec5d0644e5a8c3bd8501a60bf8
Size

376KB
Sample

250405-kp6l5swnz9
MD5

9b7268cad5fba0526815c4f0b174abe2
SHA1

443c188d5cc8f72a413ada01156682b789d249ab
SHA256

08dea35cc0044a141f7509885d266dce877fb2ec5d0644e5a8c3bd8501a60bf8
SHA512

7fe3c4aeb7f65e6e02cb446d9f0c4374bc24cac000e39582a2e680e21d2090f424e8a5abe834fe859d99b1982e64e6ec52e2fb05753f2f41a6e5f5c542cf26de
SSDEEP

6144:ROyLEbWaR5Cc/8JFmuy4ixRDDDDhVZGYzaQ:cUaWaR5v/6q7hZG

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Extracted

Family

gh0strat

C2

127.0.0.1

Targets

- Target
  
  08dea35cc0044a141f7509885d266dce877fb2ec5d0644e5a8c3bd8501a60bf8
- Size
  
  376KB
- MD5
  
  9b7268cad5fba0526815c4f0b174abe2
- SHA1
  
  443c188d5cc8f72a413ada01156682b789d249ab
- SHA256
  
  08dea35cc0044a141f7509885d266dce877fb2ec5d0644e5a8c3bd8501a60bf8
- SHA512
  
  7fe3c4aeb7f65e6e02cb446d9f0c4374bc24cac000e39582a2e680e21d2090f424e8a5abe834fe859d99b1982e64e6ec52e2fb05753f2f41a6e5f5c542cf26de
- SSDEEP
  
  6144:ROyLEbWaR5Cc/8JFmuy4ixRDDDDhVZGYzaQ:cUaWaR5v/6q7hZG
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat