gh0strat | bf3432ac86937b98d6eb28d1c28025949943fe8ef1c7d89dc5d8cbf1af883265 | Triage

Submit
Reports

Overview

overview

Static

static

c93a0eec7c...18.exe

windows7-x64

c93a0eec7c...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c93a0eec7cd37d0b385dd7f30b658271_JaffaCakes118
Size

111KB
Sample

240829-vcrmka1gjc
MD5

c93a0eec7cd37d0b385dd7f30b658271
SHA1

523688ff1fcbab6da4a0244bb3c24bead0eb332e
SHA256

bf3432ac86937b98d6eb28d1c28025949943fe8ef1c7d89dc5d8cbf1af883265
SHA512

9e7ab9a0b3e5fdf9ba283b23291f78a9f2d961b156af40514037640440b82ffd8bd97750df707957c7bcd7b007f6117612ffe4dd02821d670fd2138f7dfb2555
SSDEEP

3072:dZ8MZsGA6P1XhkUVg8H8pd9Ti6iki1z3v:dZ8KsOtx1geCd9i6Ri1bv

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c93a0eec7cd37d0b385dd7f30b658271_JaffaCakes118.exe

Resource

win7-20240704-en

gh0strat discovery persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c93a0eec7cd37d0b385dd7f30b658271_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  c93a0eec7cd37d0b385dd7f30b658271_JaffaCakes118
- Size
  
  111KB
- MD5
  
  c93a0eec7cd37d0b385dd7f30b658271
- SHA1
  
  523688ff1fcbab6da4a0244bb3c24bead0eb332e
- SHA256
  
  bf3432ac86937b98d6eb28d1c28025949943fe8ef1c7d89dc5d8cbf1af883265
- SHA512
  
  9e7ab9a0b3e5fdf9ba283b23291f78a9f2d961b156af40514037640440b82ffd8bd97750df707957c7bcd7b007f6117612ffe4dd02821d670fd2138f7dfb2555
- SSDEEP
  
  3072:dZ8MZsGA6P1XhkUVg8H8pd9Ti6iki1z3v:dZ8KsOtx1geCd9i6Ri1bv
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy