gh0strat | 7e2a9631483e676811e9c3e2e0e6d8f5dcfce9b0dc2fde416c652c658d182d96 | Triage

Submit
Reports

Overview

overview

Static

static

de57e893f8...18.exe

windows7-x64

de57e893f8...18.exe

windows10-2004-x64

Sharing

General

Target

de57e893f8c4b7b3dc4ec72c92486c64_JaffaCakes118
Size

139KB
Sample

240913-qqwq8asdml
MD5

de57e893f8c4b7b3dc4ec72c92486c64
SHA1

714384e3b6ecc40ee5756135423ab729696bb586
SHA256

7e2a9631483e676811e9c3e2e0e6d8f5dcfce9b0dc2fde416c652c658d182d96
SHA512

16fead502e04042eecc5d96f13dbc7a51129e7ab9ab70cb340322d54ae4b2d24cdad63c24b04fe276a6809c7081d14b8102993e512c8591d3d252300275e7f58
SSDEEP

3072:pfa5QzbQxuY9SPuFjpo8xZzXFR0NbUEmplfaE+zUV:pfa5QXQZEGbo8xNT0tS/yE

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

de57e893f8c4b7b3dc4ec72c92486c64_JaffaCakes118.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

de57e893f8c4b7b3dc4ec72c92486c64_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  de57e893f8c4b7b3dc4ec72c92486c64_JaffaCakes118
- Size
  
  139KB
- MD5
  
  de57e893f8c4b7b3dc4ec72c92486c64
- SHA1
  
  714384e3b6ecc40ee5756135423ab729696bb586
- SHA256
  
  7e2a9631483e676811e9c3e2e0e6d8f5dcfce9b0dc2fde416c652c658d182d96
- SHA512
  
  16fead502e04042eecc5d96f13dbc7a51129e7ab9ab70cb340322d54ae4b2d24cdad63c24b04fe276a6809c7081d14b8102993e512c8591d3d252300275e7f58
- SSDEEP
  
  3072:pfa5QzbQxuY9SPuFjpo8xZzXFR0NbUEmplfaE+zUV:pfa5QXQZEGbo8xNT0tS/yE
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2024

Terms | Privacy