gh0strat | 5934a25e94d412da8284fe8afdc962171a96488a568fd971b6bdc17961392559 | Triage

Submit
Reports

Overview

overview

Static

static

3

2fc0e94d7b...18.exe

windows7-x64

2fc0e94d7b...18.exe

windows10-2004-x64

Sharing

General

Target

2fc0e94d7bc3d1fd09222e2877d8bf6e_JaffaCakes118
Size

80KB
Sample

240709-k2df5aydlf
MD5

2fc0e94d7bc3d1fd09222e2877d8bf6e
SHA1

de116760b56360667cff6c800e932d132e110234
SHA256

5934a25e94d412da8284fe8afdc962171a96488a568fd971b6bdc17961392559
SHA512

920d293bf4ea76f18d86b274c7e394ad040910b89aec3182027d76906a646691875b1a565e337308c408a17d235328a1b30e75e53410224204ea5e2cb4e58dbd
SSDEEP

1536:sFz0LnC0atiq+9Cc73McaTBFb0bJ+oa/xrpnHTlyojsjxNe22JjIHM:sFz90hq+Yc7Hf4oa5r5sojsj+oM

Score

10^/10

gh0strat persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2fc0e94d7bc3d1fd09222e2877d8bf6e_JaffaCakes118.exe

Resource

win7-20240704-en

gh0strat persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2fc0e94d7bc3d1fd09222e2877d8bf6e_JaffaCakes118.exe

Resource

win10v2004-20240704-en

gh0strat persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2fc0e94d7bc3d1fd09222e2877d8bf6e_JaffaCakes118
- Size
  
  80KB
- MD5
  
  2fc0e94d7bc3d1fd09222e2877d8bf6e
- SHA1
  
  de116760b56360667cff6c800e932d132e110234
- SHA256
  
  5934a25e94d412da8284fe8afdc962171a96488a568fd971b6bdc17961392559
- SHA512
  
  920d293bf4ea76f18d86b274c7e394ad040910b89aec3182027d76906a646691875b1a565e337308c408a17d235328a1b30e75e53410224204ea5e2cb4e58dbd
- SSDEEP
  
  1536:sFz0LnC0atiq+9Cc73McaTBFb0bJ+oa/xrpnHTlyojsjxNe22JjIHM:sFz90hq+Yc7Hf4oa5r5sojsj+oM
Score

10^/10

gh0strat persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratpersistencerat

behavioral2

gh0stratpersistencerat

© 2018-2025

Terms | Privacy