gh0strat | d0b2758fa189a9c465ce6500f7f225ea6201c217af1cd80f095e10c5baef9643 | Triage

Submit
Reports

Overview

overview

Static

static

7

fe190fa192...18.exe

windows7-x64

fe190fa192...18.exe

windows10-2004-x64

Sharing

General

Target

fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118
Size

688KB
Sample

240421-bqs8rsfe9y
MD5

fe190fa19206fc7f07bd4d8408190dcf
SHA1

58258c31b2bd81485cfc1d6452fa418730f93879
SHA256

d0b2758fa189a9c465ce6500f7f225ea6201c217af1cd80f095e10c5baef9643
SHA512

e6ddc82179fd90d0e5ac4fd60fdacfdd07a5869102e6882a3adfb26ee5882efc7c9b9afe922cbe41f14f2408dc781e20cbb56a61c19c65e9578f21ea9ff53409
SSDEEP

12288:z0jO6UKCkocDrq9HHXLMzmM4z9bKScZtmB/338F3i2jFKeH01g4+z:Z8ocCXLKmR92ScnmF338Fyhgv

Score

10^/10

gh0strat rat vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118.exe

Resource

win7-20240215-en

gh0strat rat vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118.exe

Resource

win10v2004-20240412-en

gh0strat rat vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  fe190fa19206fc7f07bd4d8408190dcf_JaffaCakes118
- Size
  
  688KB
- MD5
  
  fe190fa19206fc7f07bd4d8408190dcf
- SHA1
  
  58258c31b2bd81485cfc1d6452fa418730f93879
- SHA256
  
  d0b2758fa189a9c465ce6500f7f225ea6201c217af1cd80f095e10c5baef9643
- SHA512
  
  e6ddc82179fd90d0e5ac4fd60fdacfdd07a5869102e6882a3adfb26ee5882efc7c9b9afe922cbe41f14f2408dc781e20cbb56a61c19c65e9578f21ea9ff53409
- SSDEEP
  
  12288:z0jO6UKCkocDrq9HHXLMzmM4z9bKScZtmB/338F3i2jFKeH01g4+z:Z8ocCXLKmR92ScnmF338Fyhgv
Score

10^/10

gh0strat rat vmprotect
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gh0stratratvmprotect

behavioral2

gh0stratratvmprotect

© 2018-2024

Terms | Privacy