gh0strat | fe7c6926e9f35eea5d5b075f4fd1abdb77fa6c60ebf0b2adc3d1b80d2c09f9b0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8b129a5b8b...18.exe

windows7-x64

8b129a5b8b...18.exe

windows10-2004-x64

Sharing

General

Target

8b129a5b8b2d495537d6e902fafca7b2_JaffaCakes118
Size

737KB
Sample

240811-ttcpas1glb
MD5

8b129a5b8b2d495537d6e902fafca7b2
SHA1

f4fc78c4da30f08ef7a95cc47c1733aa86a5266a
SHA256

fe7c6926e9f35eea5d5b075f4fd1abdb77fa6c60ebf0b2adc3d1b80d2c09f9b0
SHA512

a5fdecb4d6d144a31144df7783e37fdaaba15705f46cc9dd3a14031d93e7da4b839f390d6b3fc4ee6ac16250c19deb2b0c41939427d6adf3c5125fa46f718a91
SSDEEP

12288:NM5H1C52oxL3aKHx5r+TuxPhNWwgsAO3otNHANUTNlq:NM5H1C0w3aKHx5r+TuxPhpgpOmHq

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8b129a5b8b2d495537d6e902fafca7b2_JaffaCakes118.exe

Resource

win7-20240705-en

gh0strat discovery persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b129a5b8b2d495537d6e902fafca7b2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b129a5b8b2d495537d6e902fafca7b2_JaffaCakes118
- Size
  
  737KB
- MD5
  
  8b129a5b8b2d495537d6e902fafca7b2
- SHA1
  
  f4fc78c4da30f08ef7a95cc47c1733aa86a5266a
- SHA256
  
  fe7c6926e9f35eea5d5b075f4fd1abdb77fa6c60ebf0b2adc3d1b80d2c09f9b0
- SHA512
  
  a5fdecb4d6d144a31144df7783e37fdaaba15705f46cc9dd3a14031d93e7da4b839f390d6b3fc4ee6ac16250c19deb2b0c41939427d6adf3c5125fa46f718a91
- SSDEEP
  
  12288:NM5H1C52oxL3aKHx5r+TuxPhNWwgsAO3otNHANUTNlq:NM5H1C0w3aKHx5r+TuxPhpgpOmHq
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy