gh0strat | b597a245a8de7703d638012eaa98a3f76ba6f3a02ba363376c737ac8e3583a0e | Triage

Sharing

General

Target

87ba0fe344cebbfcba8b7e05c2dd989a_JaffaCakes118
Size

890KB
Sample

240810-z8tt1syelq
MD5

87ba0fe344cebbfcba8b7e05c2dd989a
SHA1

f04d0bb7b52f524f8b6974cbd047ad981e500351
SHA256

b597a245a8de7703d638012eaa98a3f76ba6f3a02ba363376c737ac8e3583a0e
SHA512

4cdd1654b0e30d752ba9ca400b3378193d3b339fa7dd8caeaf93a06ba9ed0d42a0f8538d3dd1ab5aa9c2902627b2e6d42d0430823a2d1bad55526a6292aadbae
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZNU:iM5j8Z3aKHx5r+TuxX+IwffFZNU

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  87ba0fe344cebbfcba8b7e05c2dd989a_JaffaCakes118
- Size
  
  890KB
- MD5
  
  87ba0fe344cebbfcba8b7e05c2dd989a
- SHA1
  
  f04d0bb7b52f524f8b6974cbd047ad981e500351
- SHA256
  
  b597a245a8de7703d638012eaa98a3f76ba6f3a02ba363376c737ac8e3583a0e
- SHA512
  
  4cdd1654b0e30d752ba9ca400b3378193d3b339fa7dd8caeaf93a06ba9ed0d42a0f8538d3dd1ab5aa9c2902627b2e6d42d0430823a2d1bad55526a6292aadbae
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZNU:iM5j8Z3aKHx5r+TuxX+IwffFZNU
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat