gh0strat | ebadd716d888c2e0e52c5d901e5cebd9ca91653a8b7d553a90917536529b11d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

e1354b3909...18.exe

windows7-x64

e1354b3909...18.exe

windows10-2004-x64

Sharing

General

Target

e1354b3909b18a857849c11ad834dc7b_JaffaCakes118
Size

662KB
Sample

240914-2yxt2asajc
MD5

e1354b3909b18a857849c11ad834dc7b
SHA1

dd2cc704b92fab97172406a241b71c17b25ec2cf
SHA256

ebadd716d888c2e0e52c5d901e5cebd9ca91653a8b7d553a90917536529b11d8
SHA512

2a3fdb58eac3ce10dd9d8b0087189a01552c4ef34ff08a4e27e3df24d76337a3d0f593c0d2f4237a03f8abd2fd02254e21a508dee537ce2f9ede5b5548029c86
SSDEEP

6144:QtP96wgvRHCzOYtqlGyzcsX3KA0LQIQRsUhNwLQSrFr9DTRKv:Qz3gNCpOdn/upU/m5rfKv

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1354b3909b18a857849c11ad834dc7b_JaffaCakes118.exe

Resource

win7-20240704-en

gh0strat discovery persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1354b3909b18a857849c11ad834dc7b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gh0strat discovery persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1354b3909b18a857849c11ad834dc7b_JaffaCakes118
- Size
  
  662KB
- MD5
  
  e1354b3909b18a857849c11ad834dc7b
- SHA1
  
  dd2cc704b92fab97172406a241b71c17b25ec2cf
- SHA256
  
  ebadd716d888c2e0e52c5d901e5cebd9ca91653a8b7d553a90917536529b11d8
- SHA512
  
  2a3fdb58eac3ce10dd9d8b0087189a01552c4ef34ff08a4e27e3df24d76337a3d0f593c0d2f4237a03f8abd2fd02254e21a508dee537ce2f9ede5b5548029c86
- SSDEEP
  
  6144:QtP96wgvRHCzOYtqlGyzcsX3KA0LQIQRsUhNwLQSrFr9DTRKv:Qz3gNCpOdn/upU/m5rfKv
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy