gh0strat | 638dbc14f654e02475c375cdab05884cc24d546830cf1dd567c0b2461b3a15e3 | Triage

Submit
Reports

Overview

overview

Static

static

0821d568d1...18.exe

windows7-x64

0821d568d1...18.exe

windows10-2004-x64

Sharing

General

Target

0821d568d16221c5a6bc7a9379f0fd4a_JaffaCakes118
Size

1.2MB
Sample

240624-m5ybtasdnl
MD5

0821d568d16221c5a6bc7a9379f0fd4a
SHA1

cf3030cdf76e38bc9120192d574041d6ec516b48
SHA256

638dbc14f654e02475c375cdab05884cc24d546830cf1dd567c0b2461b3a15e3
SHA512

055870425b7a20c2b6c1987a4a3c03acd76d6b7121bdda633b7709a88f1b68cc4fb00af9a080b35df080c9cc98fa547d7411ad55abdb325c2709ca8633cee242
SSDEEP

12288:dQsN51wwR/Hr+TcfFCrWcOKv5WqLezM5sLbBoSCIrdWHQ:dQ21wwR/Hr+TcfFCvOY5kzM5sLbjB

Score

10^/10

gh0strat rat upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

0821d568d16221c5a6bc7a9379f0fd4a_JaffaCakes118.exe

Resource

win7-20240611-en

gh0strat rat upx

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

0821d568d16221c5a6bc7a9379f0fd4a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

gh0strat rat upx

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  0821d568d16221c5a6bc7a9379f0fd4a_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  0821d568d16221c5a6bc7a9379f0fd4a
- SHA1
  
  cf3030cdf76e38bc9120192d574041d6ec516b48
- SHA256
  
  638dbc14f654e02475c375cdab05884cc24d546830cf1dd567c0b2461b3a15e3
- SHA512
  
  055870425b7a20c2b6c1987a4a3c03acd76d6b7121bdda633b7709a88f1b68cc4fb00af9a080b35df080c9cc98fa547d7411ad55abdb325c2709ca8633cee242
- SSDEEP
  
  12288:dQsN51wwR/Hr+TcfFCrWcOKv5WqLezM5sLbBoSCIrdWHQ:dQ21wwR/Hr+TcfFCvOY5kzM5sLbjB
Score

10^/10

gh0strat rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy