gh0strat | bef778f24809b4dacdc1af114a321e20eaae7d738e0e7ee6f6844c14ce91fc34 | Triage

Sharing

General

Target

df1d63563b1ae22d9c2c560f5ba47027_JaffaCakes118
Size

328KB
Sample

240913-3s1t6sweqg
MD5

df1d63563b1ae22d9c2c560f5ba47027
SHA1

704742cb8d2a1ea7650d662a7c6f0d556f2e8047
SHA256

bef778f24809b4dacdc1af114a321e20eaae7d738e0e7ee6f6844c14ce91fc34
SHA512

47d7966ddc0e1698eee1520ab368cd07f9b8c2e753db99131d449dc5aa26bc9b26a7b80c4d7410ce32acbc41f1f053d1ff58398d35f8f138f6b3b564448eaba9
SSDEEP

6144:kiTtbWB0YL7tSJ5pp34OinSL4G7v4G7AWFQbX:TQB0YdSrpNtP9JAN

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  df1d63563b1ae22d9c2c560f5ba47027_JaffaCakes118
- Size
  
  328KB
- MD5
  
  df1d63563b1ae22d9c2c560f5ba47027
- SHA1
  
  704742cb8d2a1ea7650d662a7c6f0d556f2e8047
- SHA256
  
  bef778f24809b4dacdc1af114a321e20eaae7d738e0e7ee6f6844c14ce91fc34
- SHA512
  
  47d7966ddc0e1698eee1520ab368cd07f9b8c2e753db99131d449dc5aa26bc9b26a7b80c4d7410ce32acbc41f1f053d1ff58398d35f8f138f6b3b564448eaba9
- SSDEEP
  
  6144:kiTtbWB0YL7tSJ5pp34OinSL4G7v4G7AWFQbX:TQB0YdSrpNtP9JAN
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat