gh0strat | ef7d91c62d4e75f08ed0831ff1c1914ee4db4904fe2087e8dab79c9dc4bbf8d1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 14:58

Target

789011095fa394e93da6cc3c9d3c8878_JaffaCakes118.exe
Size

20.2MB
MD5

789011095fa394e93da6cc3c9d3c8878
SHA1

d1b556de9dab3156a5f3cc1eef10a6f8888c8f9a
SHA256

ef7d91c62d4e75f08ed0831ff1c1914ee4db4904fe2087e8dab79c9dc4bbf8d1
SHA512

bfe8dbe918f510c8f73724f4fb5adcd3cdc9c2a4e36d23c54b0f8a73a6c9b0af1dd18b9014b2725008e243e5e5030a61e4f97d570718d228521bcca89f830e02
SSDEEP

6144:+bRwzHD8zL+M6llBBAIFMYyPaoi8ke/fdGwv:cRwbDKd01rScOHdGO

Score

10^/10

gh0strat rat

Gh0st RAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/2640-0-0x0000000000400000-0x0000000000432000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

C:\Users\Admin\AppData\Local\Temp\789011095fa394e93da6cc3c9d3c8878_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\789011095fa394e93da6cc3c9d3c8878_JaffaCakes118.exe"
1⤵
PID:2640

memory/2640-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download