gh0strat | 2b29ce3f6e55e7048435491ce88d13a6588015281c25287d27758fa2594a99f8 | Triage

Submit
Reports

Overview

overview

Static

static

1ae7db3d33...18.dll

windows7-x64

1ae7db3d33...18.dll

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1ae7db3d33b4b0a29e3dde24f6f005ce_JaffaCakes118
Size

112KB
Sample

240701-mahb4swakd
MD5

1ae7db3d33b4b0a29e3dde24f6f005ce
SHA1

71726f122e28aec693f110bfe8cca35f499d0a32
SHA256

2b29ce3f6e55e7048435491ce88d13a6588015281c25287d27758fa2594a99f8
SHA512

6cd7c31ea63dfc9d16c5dc10d7f43d6915fc127f94c027ba4a91d1472ddcd5df465fa3b9c2ec03fae292445278ec9f8362470a2deaf1629e8a9ae5ca71819b17
SSDEEP

3072:Pp55xFbi/O8Y24akP5N6JttHEIIou8Rke5vi/Jx/:RhF2/fYbakhN67qI9tRkQa/T

Score

10^/10

gh0strat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1ae7db3d33b4b0a29e3dde24f6f005ce_JaffaCakes118.dll

Resource

win7-20240220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ae7db3d33b4b0a29e3dde24f6f005ce_JaffaCakes118.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ae7db3d33b4b0a29e3dde24f6f005ce_JaffaCakes118
- Size
  
  112KB
- MD5
  
  1ae7db3d33b4b0a29e3dde24f6f005ce
- SHA1
  
  71726f122e28aec693f110bfe8cca35f499d0a32
- SHA256
  
  2b29ce3f6e55e7048435491ce88d13a6588015281c25287d27758fa2594a99f8
- SHA512
  
  6cd7c31ea63dfc9d16c5dc10d7f43d6915fc127f94c027ba4a91d1472ddcd5df465fa3b9c2ec03fae292445278ec9f8362470a2deaf1629e8a9ae5ca71819b17
- SSDEEP
  
  3072:Pp55xFbi/O8Y24akP5N6JttHEIIou8Rke5vi/Jx/:RhF2/fYbakhN67qI9tRkQa/T
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy