gh0strat | c2ea3fbe8da880ab9ebfc6fe9e5548125c323e16474a42d5343474814ef34b1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ffe9321322c21221f2aafdf6dc4b5df_JaffaCakes118
Size

592KB
Sample

240603-a23qxaec66
MD5

8ffe9321322c21221f2aafdf6dc4b5df
SHA1

1b57fe81435dec59645ad38e660486701569fb1f
SHA256

c2ea3fbe8da880ab9ebfc6fe9e5548125c323e16474a42d5343474814ef34b1e
SHA512

4addce41876712188ce64f2c9d40eb0bbfbdbecb6284fb35cb74653f4acee63f6866fbd30470da6ead7bb69c35e860c7b49a464272ca01c014b2f334cea2162d
SSDEEP

6144:dQthdrZd7fOW3lnPGr5r/CIlsu32fMMkqRwCd/tLu:dQtLrZd73RAr/Cisq2f3kSdt

Score

10^/10

gh0strat persistence rat

Malware Config

Extracted

Family

gh0strat

C2

58.218.213.74

Targets

- Target
  
  8ffe9321322c21221f2aafdf6dc4b5df_JaffaCakes118
- Size
  
  592KB
- MD5
  
  8ffe9321322c21221f2aafdf6dc4b5df
- SHA1
  
  1b57fe81435dec59645ad38e660486701569fb1f
- SHA256
  
  c2ea3fbe8da880ab9ebfc6fe9e5548125c323e16474a42d5343474814ef34b1e
- SHA512
  
  4addce41876712188ce64f2c9d40eb0bbfbdbecb6284fb35cb74653f4acee63f6866fbd30470da6ead7bb69c35e860c7b49a464272ca01c014b2f334cea2162d
- SSDEEP
  
  6144:dQthdrZd7fOW3lnPGr5r/CIlsu32fMMkqRwCd/tLu:dQtLrZd73RAr/Cisq2f3kSdt
Score

10^/10

gh0strat rat persistence
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratpersistencerat