gh0strat | ea6d3b8152ff2f984cc360e3b0b83b9a8efdc9f255eb722797f9e6a322d8ed55 | Triage

Submit
Reports

Overview

overview

Static

static

ea89547ed3...18.exe

windows7-x64

ea89547ed3...18.exe

windows10-2004-x64

Sharing

General

Target

ea89547ed3ece1bfc73edae1abe07472_JaffaCakes118
Size

130KB
Sample

240410-h43gxsfe22
MD5

ea89547ed3ece1bfc73edae1abe07472
SHA1

dc9eff3c4a58667fc0c6602beaaa417babe875bc
SHA256

ea6d3b8152ff2f984cc360e3b0b83b9a8efdc9f255eb722797f9e6a322d8ed55
SHA512

ce9e0c020682caa201c30e265c5dc468d5f35e5cce74a54bd90867641555012f8a5ebe85d9f0c9ea98a6ec483e562f245ba94f0534ef8032a37bd2bf6ec9009c
SSDEEP

3072:a+wsECvdHcm6CQ8jiS672Hk+abOFsUAsCg0Meb90j:a+wpgBcm6CQzl72HNZFF50Mb

Score

10^/10

gh0strat persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ea89547ed3ece1bfc73edae1abe07472_JaffaCakes118.exe

Resource

win7-20231129-en

gh0strat persistence rat

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea89547ed3ece1bfc73edae1abe07472_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gh0strat persistence rat

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  ea89547ed3ece1bfc73edae1abe07472_JaffaCakes118
- Size
  
  130KB
- MD5
  
  ea89547ed3ece1bfc73edae1abe07472
- SHA1
  
  dc9eff3c4a58667fc0c6602beaaa417babe875bc
- SHA256
  
  ea6d3b8152ff2f984cc360e3b0b83b9a8efdc9f255eb722797f9e6a322d8ed55
- SHA512
  
  ce9e0c020682caa201c30e265c5dc468d5f35e5cce74a54bd90867641555012f8a5ebe85d9f0c9ea98a6ec483e562f245ba94f0534ef8032a37bd2bf6ec9009c
- SSDEEP
  
  3072:a+wsECvdHcm6CQ8jiS672Hk+abOFsUAsCg0Meb90j:a+wpgBcm6CQzl72HNZFF50Mb
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Sets DLL path for service in the registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy