gh0strat | c10e601175384751e0b605bcfeb9aa46cc7b418b5e09f48fe8bb25acd925d621 | Triage

Submit
Reports

Overview

overview

Static

static

d01697ea78...18.exe

windows7-x64

d01697ea78...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d01697ea783b87f7a98d5ddf1a534948_JaffaCakes118
Size

144KB
Sample

240906-v53wasyhmk
MD5

d01697ea783b87f7a98d5ddf1a534948
SHA1

1a8c04941d258e10fc3c5e1cd8e1a5bb5cb930a6
SHA256

c10e601175384751e0b605bcfeb9aa46cc7b418b5e09f48fe8bb25acd925d621
SHA512

ba0d739c5a69416fa5f04529e2a9d349ce21ed69c5d0008d2be88dde35a0f78a87f46af63aedf9deab61e17f82c8e8ecb991db6e6ace4bbbb90b4aad661c85f7
SSDEEP

3072:0UtyQMfPhWCQl+1zZTnlh+/QmCX9ibeqFiGvabDfnX3iH3:0UtyQMHhWCQA1lTyPCNMiGviU

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d01697ea783b87f7a98d5ddf1a534948_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

d01697ea783b87f7a98d5ddf1a534948_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d01697ea783b87f7a98d5ddf1a534948_JaffaCakes118
- Size
  
  144KB
- MD5
  
  d01697ea783b87f7a98d5ddf1a534948
- SHA1
  
  1a8c04941d258e10fc3c5e1cd8e1a5bb5cb930a6
- SHA256
  
  c10e601175384751e0b605bcfeb9aa46cc7b418b5e09f48fe8bb25acd925d621
- SHA512
  
  ba0d739c5a69416fa5f04529e2a9d349ce21ed69c5d0008d2be88dde35a0f78a87f46af63aedf9deab61e17f82c8e8ecb991db6e6ace4bbbb90b4aad661c85f7
- SSDEEP
  
  3072:0UtyQMfPhWCQl+1zZTnlh+/QmCX9ibeqFiGvabDfnX3iH3:0UtyQMHhWCQA1lTyPCNMiGviU
Score

10^/10

gh0strat rat discovery persistence
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy