gh0strat | 525b5e7df58b44c90edf99785005370d33cf840e5a15ef9291d8491a3513bd56 | Triage

Sharing

General

Target

060c2b16cf5697dcbf3e9079dc00d173_JaffaCakes118
Size

798KB
Sample

240620-pveg3asapn
MD5

060c2b16cf5697dcbf3e9079dc00d173
SHA1

dc7ef8441a0415574cd45106f8ce8f83c1f4422b
SHA256

525b5e7df58b44c90edf99785005370d33cf840e5a15ef9291d8491a3513bd56
SHA512

981d984a145ffc9b0b6c4ccfdf6627fb4b6a14ef7eb3dd084c53b25b475b9bc5ebba20a5b65f4061ad1ccf2663891f9233f2676a2f4d4a38a82dbbb4c1786ef5
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZnR:iM5j8Z3aKHx5r+TuxX+IwffFZnR

Score

10^/10

gh0strat persistence rat

Malware Config

Targets

- Target
  
  060c2b16cf5697dcbf3e9079dc00d173_JaffaCakes118
- Size
  
  798KB
- MD5
  
  060c2b16cf5697dcbf3e9079dc00d173
- SHA1
  
  dc7ef8441a0415574cd45106f8ce8f83c1f4422b
- SHA256
  
  525b5e7df58b44c90edf99785005370d33cf840e5a15ef9291d8491a3513bd56
- SHA512
  
  981d984a145ffc9b0b6c4ccfdf6627fb4b6a14ef7eb3dd084c53b25b475b9bc5ebba20a5b65f4061ad1ccf2663891f9233f2676a2f4d4a38a82dbbb4c1786ef5
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZnR:iM5j8Z3aKHx5r+TuxX+IwffFZnR
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat