gh0strat | 113274f68b8b4ab28793d9e85f54d1260a2d51dbcfacb0a27767415b0603a3d2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ff801df30c...18.dll

windows7-x64

ff801df30c...18.dll

windows10-2004-x64

Sharing

General

Target

ff801df30c4e5a90ce36d2f65c996f50_JaffaCakes118
Size

112KB
Sample

240929-3h5elswckm
MD5

ff801df30c4e5a90ce36d2f65c996f50
SHA1

3177e672eb6b391b8c3ee3f66d3e44473aedb5b4
SHA256

113274f68b8b4ab28793d9e85f54d1260a2d51dbcfacb0a27767415b0603a3d2
SHA512

00098fb3caa9d6c268aa759ef40c1e6458bd9e0ef5b4f821626703d95db80be9c7c10b1ec03747dabc94c13c64c1d9d3fd524c0bed39a03b39b4b6b0642ff78e
SSDEEP

3072:g81m+O6rM/TWeHiYz3hLTIhttHU4o4ugkCiHWwx:l1TMvCYVLTIT64N1kJ2W

Score

10^/10

gh0strat discovery rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ff801df30c4e5a90ce36d2f65c996f50_JaffaCakes118.dll

Resource

win7-20240704-en

gh0strat discovery rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff801df30c4e5a90ce36d2f65c996f50_JaffaCakes118.dll

Resource

win10v2004-20240802-en

gh0strat discovery rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff801df30c4e5a90ce36d2f65c996f50_JaffaCakes118
- Size
  
  112KB
- MD5
  
  ff801df30c4e5a90ce36d2f65c996f50
- SHA1
  
  3177e672eb6b391b8c3ee3f66d3e44473aedb5b4
- SHA256
  
  113274f68b8b4ab28793d9e85f54d1260a2d51dbcfacb0a27767415b0603a3d2
- SHA512
  
  00098fb3caa9d6c268aa759ef40c1e6458bd9e0ef5b4f821626703d95db80be9c7c10b1ec03747dabc94c13c64c1d9d3fd524c0bed39a03b39b4b6b0642ff78e
- SSDEEP
  
  3072:g81m+O6rM/TWeHiYz3hLTIhttHU4o4ugkCiHWwx:l1TMvCYVLTIT64N1kJ2W
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2025

Terms | Privacy