TranslucentGh0st

Description

(Bitdefender: https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf) A variant of Gh0st RAT. Analysis and comparison of EtherealGh0st and TranslucentGh0st showed that TranslucentGh0st is the predecessor of EtherealGh0st. The difference between the two is that TranslucentGh0st uses byte constants to determine which command to interpret. The C2 address is base64-encoded and encrypted with a byte-wise XOR with 0x28 and a SUB of 0xC. The port is hardcoded into the binary in plaintext.

Names

Name
TranslucentGh0st

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

c7fe67ce-9ef6-495a-9b4c-b5c7fb2e4c63

Last Card Change

2024-06-18