gh0strat | 70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512 | Triage

Submit
Reports

Overview

overview

Static

static

3

fc04612d0d...18.exe

windows7-x64

fc04612d0d...18.exe

windows10-2004-x64

Sharing

General

Target

fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118
Size

272KB
Sample

240420-f11g2she73
MD5

fc04612d0d2d4e66d81f98ada78e22e9
SHA1

0c66344922fcc3bdfeb3cbb5401989f7535400fc
SHA256

70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512
SHA512

5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9
SSDEEP

6144:ER1/phJ7jYKhQohD964mxpP5PYR06ZKj4VEpSO:WfYK2e9644YR0bKEh

Score

10^/10

gh0strat rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe

Resource

win7-20240215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118
- Size
  
  272KB
- MD5
  
  fc04612d0d2d4e66d81f98ada78e22e9
- SHA1
  
  0c66344922fcc3bdfeb3cbb5401989f7535400fc
- SHA256
  
  70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512
- SHA512
  
  5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9
- SSDEEP
  
  6144:ER1/phJ7jYKhQohD964mxpP5PYR06ZKj4VEpSO:WfYK2e9644YR0bKEh
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy