gh0strat

General

Target

b0d08e4ee2a958c8e69e78c0ed6fe068_JaffaCakes118
Size

187KB
Sample

241129-m4zs9a1rb1
MD5

b0d08e4ee2a958c8e69e78c0ed6fe068
SHA1

aaa6bd7d04e5de7f3c21f90de1f0a8de22ab6446
SHA256

624fa3daa42ba4f5e7302c2ce0909f76eb68e9c9717690698b0d902ebbd7a2ab
SHA512

f4f1b43c606fa2b862364da57a25a11f3efa808d7838e6fe23fdb50c8e2c71ff7d193f75aca194eaff696fcc6ceae7e2798f561b74936681c83b9ae08670dc5c
SSDEEP

3072:UR8Lk17GNK1hnz3lOOEZtcO5tonqoe7p52wGi00I112oqkPmvFSZBibTGHI:Uv1SNKnnzylXsSdxGLt12KkFSZBUTGHI

Score

10^/10

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  b0d08e4ee2a958c8e69e78c0ed6fe068_JaffaCakes118
- Size
  
  187KB
- MD5
  
  b0d08e4ee2a958c8e69e78c0ed6fe068
- SHA1
  
  aaa6bd7d04e5de7f3c21f90de1f0a8de22ab6446
- SHA256
  
  624fa3daa42ba4f5e7302c2ce0909f76eb68e9c9717690698b0d902ebbd7a2ab
- SHA512
  
  f4f1b43c606fa2b862364da57a25a11f3efa808d7838e6fe23fdb50c8e2c71ff7d193f75aca194eaff696fcc6ceae7e2798f561b74936681c83b9ae08670dc5c
- SSDEEP
  
  3072:UR8Lk17GNK1hnz3lOOEZtcO5tonqoe7p52wGi00I112oqkPmvFSZBibTGHI:Uv1SNKnnzylXsSdxGLt12KkFSZBUTGHI
Score

10^/10

gh0strat gozi banker discovery isfb persistence rat trojan
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

1

T1505

Terminal Services DLL

1

T1505.005

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gh0st RAT payload

Gh0strat family

Gozi

Gozi family

Server Software Component: Terminal Services DLL

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2