gh0strat | 6e1de8d920d78be42e3055b1e70a063e443f6b9fa8bb280eec8f170e74fd494e | Triage

Sharing

General

Target

JaffaCakes118_41c063b5a5bf6d0dfce5a6a43d633b02
Size

338KB
Sample

250127-vezqysypbn
MD5

41c063b5a5bf6d0dfce5a6a43d633b02
SHA1

7f398db19501baaa7bf3d02f78d8478c7edd3925
SHA256

6e1de8d920d78be42e3055b1e70a063e443f6b9fa8bb280eec8f170e74fd494e
SHA512

748d242ef0176eb4587b0660ad1f9aa651be8373e8117d09e41f233a214e8c64df29274f5843bde4b92cbcf7e7ffd4737762459e72dda17bb496cb149fc546ae
SSDEEP

6144:Z65sLKiViyp2m0MycULiayMe4HkvVrqDuUAp40ZpzgvLi56z:A55zypMzHIsHk9mhA+0ZKvLiEz

Score

10^/10

gh0strat discovery rat

Malware Config

Targets

- Target
  
  360rsp.exe
- Size
  
  562KB
- MD5
  
  fe7279ede3a7dcb7184105e6ebad8462
- SHA1
  
  7bb5420426828b1fb5c39655dd2970a5eefbd47e
- SHA256
  
  6c36e20b91ea36d03c7ac4cbddce7d045470757f21da2e340abb6510c4ba6b87
- SHA512
  
  1853792e5f40e92e36094b02d1a05e767c20923b19f0b85ced2f70e23c695b8d3273fa150004e659f9c721919110b82d3e19331d8f309e482ea3f927277d4109
- SSDEEP
  
  12288:3opCiRmtWBygSpspt7t0Ms9tmc5xW0UG24ip0hfHvpeWVRQWocoooooYoooooooh:l7q22h0MstmWxZUG24ip+vpeWVRnocoV
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
behavioral1 behavioral2
- Target
  
  456Login.dll
- Size
  
  107KB
- MD5
  
  bf49388666c4587ed8abf1254032f998
- SHA1
  
  c6874f8f69df781de7dd2026bcbcf1a84df4a5f2
- SHA256
  
  b023b6c00265cf882e8eb6dc7ad01fe4fa81ad5a7cddd95596bcc3de5f57e722
- SHA512
  
  919ded31aad1e2065553f4bcf2201b5444c51743097dbff7f96e4adbb8364aa79fb03b16423c2884651d92d61bb0a3786668d09b49a69011920f57b1e2dacf7e
- SSDEEP
  
  1536:u0j6xEFieKEErXK/QYJwgiDfAmpC2jkpMSLmFJBfN8rdK0IZctcXFhi7yLmkK7Oa:GwvVqa/agiDY+vxN8Q0IGtc1hiE2n
Score

1^/10
behavioral3 behavioral4
- Target
  
  MachineGUID.dll
- Size
  
  23KB
- MD5
  
  817ce9b93a0a37e7090451e51ceebb34
- SHA1
  
  2fec8d26cb0125cb09ef5ac39cb805037da0b23d
- SHA256
  
  d3ef3f1dec90fbfff5ab5d8cd1cbe1a583f8c910eb5f4ae46bf6e1161669f17f
- SHA512
  
  ad0625461078158022be49cb54603a8a0620996516e655f909f440278aaec4375f2aa6f102e03c32e7bf15fb388a5342f74dd920f03d3f7a8c79a43bc5796610
- SSDEEP
  
  384:pSWI+/Brt+W8cohM1xb+MgdNxORY27cNA2RscBLdUyrOKKfQSIRME6yRqaNJawc5:UWI+JE+oh9xNxoXhjsywK5IRMenbcuyv
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

behavioral3

behavioral4

behavioral5

behavioral6