EtherealGh0st

Description

(Bitdefender) A variant of Gh0st RAT, evolved from TranslucentGh0st. The execution of the EtherealGh0st agent starts with the decryption of C2 addresses and ports, which are base64-encoded strings. After decoding, a SUB 6 operation is performed on the resulting buffer, and the C2 and port are passed down to establish the connection. Although the port is also encoded, it always has the same value, “Ojo5”, which corresponds to 443 after decryption.
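For analysts triaging a sample, the decoding described above can be reproduced as follows. This is an added example, not code from Bitdefender or from the malware; the function names are hypothetical, the SUB 6 step is assumed to apply to each byte modulo 256, and the host in the sample input is a constructed placeholder.

```python
import base64
import binascii
import re

# Shape of a base64 token; used to triage strings pulled from a sample.
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{4,}={0,2}$")
# Characters expected in a decoded host name, IP address or port number.
PLAUSIBLE = re.compile(r"^[A-Za-z0-9.\-]+$")


def decode_config_string(encoded: str) -> str:
    """Base64-decode, then subtract 6 from every byte (assumed modulo 256)."""
    raw = base64.b64decode(encoded, validate=True)
    return bytes((b - 6) & 0xFF for b in raw).decode("latin-1")


def triage(strings):
    """Return (encoded, decoded) pairs whose decoded form looks like a host or port."""
    hits = []
    for s in strings:
        if len(s) % 4 or not B64_TOKEN.match(s):
            continue  # wrong length or alphabet for base64
        try:
            decoded = decode_config_string(s)
        except (binascii.Error, ValueError):
            continue
        if PLAUSIBLE.match(decoded):
            hits.append((s, decoded))
    return hits


def encode_for_test(plain: str) -> str:
    """Inverse transform, used only to build the constructed sample input."""
    return base64.b64encode(bytes((ord(c) + 6) & 0xFF for c in plain)).decode()


# Constructed sample: "Ojo5" is the port value quoted in the description; the
# host is a reserved documentation name, not a real indicator.
SAMPLE_STRINGS = ["Ojo5", encode_for_test("c2.example.test"),
                  "GetProcAddress", "kernel32.dll"]

if __name__ == "__main__":
    for enc, dec in triage(SAMPLE_STRINGS):
        print(f"{enc!r} -> {dec!r}")
```

Because the encoded port is constant, the literal string “Ojo5” is also a candidate static-detection anchor alongside the decoded configuration.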

Names

Name
EtherealGh0st

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

83f74a13-33e7-432a-bbfe-291c4530d39a

Last Card Change

2024-06-18