gh0strat | 6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769 | Triage

Submit
Reports

Overview

overview

Static

static

3

6757931a35...69.exe

windows10-2004-x64

Sharing

General

Target

6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769
Size

1.2MB
Sample

250405-r4hbeszsgy
MD5

125df070ea1ae9c6c0919998b46d9dfa
SHA1

ee0220cb1f18c48c5291aa602872e2eb4ee5aac5
SHA256

6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769
SHA512

b622626e4402894f2b7348aeee883e448513991d91c8d2ce34ca67db9b36fcc268f0ab8bdabd7850d975593d5d9991c4829cae4819812dcf1932bf34109dc509
SSDEEP

24576:BYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnMyzcjzV/EE:BYREXSVMDi3wjzlEE

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769.exe

Resource

win10v2004-20250313-en

gh0strat discovery persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769
- Size
  
  1.2MB
- MD5
  
  125df070ea1ae9c6c0919998b46d9dfa
- SHA1
  
  ee0220cb1f18c48c5291aa602872e2eb4ee5aac5
- SHA256
  
  6757931a35277fd29ac23ebfb94850578c22918394f4e79325d5a93078092769
- SHA512
  
  b622626e4402894f2b7348aeee883e448513991d91c8d2ce34ca67db9b36fcc268f0ab8bdabd7850d975593d5d9991c4829cae4819812dcf1932bf34109dc509
- SSDEEP
  
  24576:BYFbkIsaPiXSVnC7Yp9zkNmZG8RRlnMyzcjzV/EE:BYREXSVMDi3wjzlEE
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy