gh0strat | 576ba8d4be4b5d8c79e8b2552876bd786868ccbd4f237f49461a378692d40208 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

87e9a517ac...18.exe

windows7-x64

87e9a517ac...18.exe

windows10-2004-x64

Sharing

General

Target

87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118
Size

252KB
Sample

240531-w1tmhage61
MD5

87e9a517ac797e8ca22ba8ca0a1a490c
SHA1

914d6724fe7ea267a9297373772f7e2d46c7092c
SHA256

576ba8d4be4b5d8c79e8b2552876bd786868ccbd4f237f49461a378692d40208
SHA512

00135663e5aa2431d60fc79764918e053c221097d5d1d37d6d6b9cd65687302b57972ea83165d44adb6f860d6da1a9f3f25467bdeca22877f81a1de530a1fd50
SSDEEP

3072:iumlCA7x6tit/Qd9cVVxrv8oL2O9F+enxvoEiFSvG86CdDoQk:iDYtGY94PL5LXF/xg/F98pd

Score

10^/10

gh0strat evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118.exe

Resource

win7-20231129-en

gh0strat evasion rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118.exe

Resource

win10v2004-20240426-en

gh0strat evasion rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  87e9a517ac797e8ca22ba8ca0a1a490c_JaffaCakes118
- Size
  
  252KB
- MD5
  
  87e9a517ac797e8ca22ba8ca0a1a490c
- SHA1
  
  914d6724fe7ea267a9297373772f7e2d46c7092c
- SHA256
  
  576ba8d4be4b5d8c79e8b2552876bd786868ccbd4f237f49461a378692d40208
- SHA512
  
  00135663e5aa2431d60fc79764918e053c221097d5d1d37d6d6b9cd65687302b57972ea83165d44adb6f860d6da1a9f3f25467bdeca22877f81a1de530a1fd50
- SSDEEP
  
  3072:iumlCA7x6tit/Qd9cVVxrv8oL2O9F+enxvoEiFSvG86CdDoQk:iDYtGY94PL5LXF/xg/F98pd
Score

10^/10

gh0strat evasion rat trojan
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratevasionrattrojan

behavioral2

gh0stratevasionrattrojan

© 2018-2025

Terms | Privacy