gh0strat | 01fdb1f44e874bfcee29c131402a0f55b48fb243a0f4eb0d1fcc9c4b1ef65ab0 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...eb.exe

windows7-x64

JaffaCakes...eb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4a2a329c3affc478eff3d4d727ea8feb
Size

231KB
Sample

250128-m5mkbawqax
MD5

4a2a329c3affc478eff3d4d727ea8feb
SHA1

78856c572ecb6c95e5acf6b5afb1ac9bd4f0c6b9
SHA256

01fdb1f44e874bfcee29c131402a0f55b48fb243a0f4eb0d1fcc9c4b1ef65ab0
SHA512

25ff4e40c0b9fa6279dc42c26b288ac71d1f8ca4db1fd50596154e5bcd00f09760486ee1ba06dca56ed2f0d89c7c48167266c67427aee65ea1f23b86ac3a5662
SSDEEP

3072:gzmDoyz1jEhM76wcdecmNX/1lD2rM5GBQCckl/6Ri89Rv0OfHa5ne2hHi:gKD31jEhM0mNX/CbQI+ieR7/8g

Score

10^/10

gh0strat discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_4a2a329c3affc478eff3d4d727ea8feb.exe

Resource

win7-20240729-en

gh0strat discovery rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_4a2a329c3affc478eff3d4d727ea8feb.exe

Resource

win10v2004-20241007-en

gh0strat discovery rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_4a2a329c3affc478eff3d4d727ea8feb
- Size
  
  231KB
- MD5
  
  4a2a329c3affc478eff3d4d727ea8feb
- SHA1
  
  78856c572ecb6c95e5acf6b5afb1ac9bd4f0c6b9
- SHA256
  
  01fdb1f44e874bfcee29c131402a0f55b48fb243a0f4eb0d1fcc9c4b1ef65ab0
- SHA512
  
  25ff4e40c0b9fa6279dc42c26b288ac71d1f8ca4db1fd50596154e5bcd00f09760486ee1ba06dca56ed2f0d89c7c48167266c67427aee65ea1f23b86ac3a5662
- SSDEEP
  
  3072:gzmDoyz1jEhM76wcdecmNX/1lD2rM5GBQCckl/6Ri89Rv0OfHa5ne2hHi:gKD31jEhM0mNX/CbQI+ieR7/8g
Score

10^/10

gh0strat discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoveryrat

behavioral2

gh0stratdiscoveryrat

© 2018-2025

Terms | Privacy