gh0strat | 71e5fd43c7fe4d3c17503e0924f35667cb4e24b4d8e59e39eb759f17ad9c562a | Triage

Sharing

General

Target

JaffaCakes118_518925d4c206e726a1df45672f384b68
Size

1.0MB
Sample

250129-cg69psxmex
MD5

518925d4c206e726a1df45672f384b68
SHA1

365c8017a04f0cb4ccd01878690e1f97633f54ff
SHA256

71e5fd43c7fe4d3c17503e0924f35667cb4e24b4d8e59e39eb759f17ad9c562a
SHA512

bb77c3fb7042d931c3309e04fd06c150774ba73de9767b41eeaf4d2309c14e0be88cdd8feb305d00b2d3d2ae5381d2add117c6bb770f856a72510e33d95f7ded
SSDEEP

12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZEy:iM5j8Z3aKHx5r+TuxX+IwffFZEy

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  JaffaCakes118_518925d4c206e726a1df45672f384b68
- Size
  
  1.0MB
- MD5
  
  518925d4c206e726a1df45672f384b68
- SHA1
  
  365c8017a04f0cb4ccd01878690e1f97633f54ff
- SHA256
  
  71e5fd43c7fe4d3c17503e0924f35667cb4e24b4d8e59e39eb759f17ad9c562a
- SHA512
  
  bb77c3fb7042d931c3309e04fd06c150774ba73de9767b41eeaf4d2309c14e0be88cdd8feb305d00b2d3d2ae5381d2add117c6bb770f856a72510e33d95f7ded
- SSDEEP
  
  12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZEy:iM5j8Z3aKHx5r+TuxX+IwffFZEy
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat