gh0strat | a259b59a5f7826b5fe301aa73900a073c357d69ad6d3e78390710bb2de02f2f2 | Triage

Submit
Reports

Overview

overview

Static

static

414054fd35...18.exe

windows7-x64

414054fd35...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

414054fd356e7f72a4627f5d210438db_JaffaCakes118
Size

113KB
Sample

241013-wexr2azbld
MD5

414054fd356e7f72a4627f5d210438db
SHA1

0580a18f23e3483442c906d293b8b24273909c02
SHA256

a259b59a5f7826b5fe301aa73900a073c357d69ad6d3e78390710bb2de02f2f2
SHA512

fbb7e736f3f9b70a10c4913806e8c30093acb2842429551891f1f6a2924506b62d203518c4695dee5b33f118ccad167432c16fefebd38a31488a644a85f8f2a9
SSDEEP

3072:Tlxsu6kKINavRrpygDKnEFDK2UgNZf0SVU+G478:TlxsuZKINaJZ+nEF2sZs2G4

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

414054fd356e7f72a4627f5d210438db_JaffaCakes118.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

414054fd356e7f72a4627f5d210438db_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gh0strat discovery persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  414054fd356e7f72a4627f5d210438db_JaffaCakes118
- Size
  
  113KB
- MD5
  
  414054fd356e7f72a4627f5d210438db
- SHA1
  
  0580a18f23e3483442c906d293b8b24273909c02
- SHA256
  
  a259b59a5f7826b5fe301aa73900a073c357d69ad6d3e78390710bb2de02f2f2
- SHA512
  
  fbb7e736f3f9b70a10c4913806e8c30093acb2842429551891f1f6a2924506b62d203518c4695dee5b33f118ccad167432c16fefebd38a31488a644a85f8f2a9
- SSDEEP
  
  3072:Tlxsu6kKINavRrpygDKnEFDK2UgNZf0SVU+G478:TlxsuZKINaJZ+nEF2sZs2G4
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy