gh0strat | 408632ad84bc391103e20efc4e790c0a38e8f8631c438148fa52ad9a2727fcbb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3a783b67cb...18.exe

windows7-x64

3a783b67cb...18.exe

windows10-2004-x64

Sharing

General

Target

3a783b67cb6a17b443ee9820946dda26_JaffaCakes118
Size

127KB
Sample

240711-yb5pkstcmh
MD5

3a783b67cb6a17b443ee9820946dda26
SHA1

2b714568d9b5b81d3f77be134983d7c5f06a345c
SHA256

408632ad84bc391103e20efc4e790c0a38e8f8631c438148fa52ad9a2727fcbb
SHA512

125b34a2ac981bae64e06f968c4d87e2e2130a4ab6cce52ce4cddf9fbbecf252fbbc197003fc8abeeae5517d5488a3446c724b7cfc4f171873e5b1ec9a9145da
SSDEEP

3072:7eJB5WpPCMtzFCi9k2ttBB0NoYu/kvi3WZg:7eL5BM1si9kQfSNt+ka0

Score

10^/10

gh0strat rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3a783b67cb6a17b443ee9820946dda26_JaffaCakes118.exe

Resource

win7-20240705-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a783b67cb6a17b443ee9820946dda26_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a783b67cb6a17b443ee9820946dda26_JaffaCakes118
- Size
  
  127KB
- MD5
  
  3a783b67cb6a17b443ee9820946dda26
- SHA1
  
  2b714568d9b5b81d3f77be134983d7c5f06a345c
- SHA256
  
  408632ad84bc391103e20efc4e790c0a38e8f8631c438148fa52ad9a2727fcbb
- SHA512
  
  125b34a2ac981bae64e06f968c4d87e2e2130a4ab6cce52ce4cddf9fbbecf252fbbc197003fc8abeeae5517d5488a3446c724b7cfc4f171873e5b1ec9a9145da
- SSDEEP
  
  3072:7eJB5WpPCMtzFCi9k2ttBB0NoYu/kvi3WZg:7eL5BM1si9kQfSNt+ka0
Score

10^/10

gh0strat rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy