gh0strat | 44ce754a89cb346d14b8fe7ba938c8ff2b5e0bb845d0cd745b56dbda2ce2b258 | Triage

Submit
Reports

Overview

overview

Static

static

3

95495ab40b...18.exe

windows7-x64

95495ab40b...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

95495ab40b2a3681cc9e12a2caf41fd2_JaffaCakes118
Size

2.9MB
Sample

240814-j4tqfswgmj
MD5

95495ab40b2a3681cc9e12a2caf41fd2
SHA1

be5a2a5c8c4d6f5bc410da39263ceb5510a70306
SHA256

44ce754a89cb346d14b8fe7ba938c8ff2b5e0bb845d0cd745b56dbda2ce2b258
SHA512

d81112e20cf29bc3147d2335cd78e2fbc7ec453965001c6589f4bb744db09b7b71c16011bebf3591a6587361b31c40c8a0b625cc77b3b04e469dd4a2c59cfc42
SSDEEP

49152:v3B/3YSLJrYAAowkRKIQnGjPAR2kZwgQE4gQARVH/uKXXqYOnCDTj:/F3jLJrYoF2GjwB1+1Cr

Score

10^/10

gh0strat aspackv2 discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

95495ab40b2a3681cc9e12a2caf41fd2_JaffaCakes118.exe

Resource

win7-20240705-en

gh0strat aspackv2 discovery persistence rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

95495ab40b2a3681cc9e12a2caf41fd2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat aspackv2 discovery persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  95495ab40b2a3681cc9e12a2caf41fd2_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  95495ab40b2a3681cc9e12a2caf41fd2
- SHA1
  
  be5a2a5c8c4d6f5bc410da39263ceb5510a70306
- SHA256
  
  44ce754a89cb346d14b8fe7ba938c8ff2b5e0bb845d0cd745b56dbda2ce2b258
- SHA512
  
  d81112e20cf29bc3147d2335cd78e2fbc7ec453965001c6589f4bb744db09b7b71c16011bebf3591a6587361b31c40c8a0b625cc77b3b04e469dd4a2c59cfc42
- SSDEEP
  
  49152:v3B/3YSLJrYAAowkRKIQnGjPAR2kZwgQE4gQARVH/uKXXqYOnCDTj:/F3jLJrYoF2GjwB1+1Cr
Score

10^/10

gh0strat aspackv2 discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0strataspackv2discoverypersistencerat

behavioral2

gh0strataspackv2discoverypersistencerat

© 2018-2025

Terms | Privacy