gh0strat | 503272fb015d5607dcdeb347f9f4b968d73ababeab618040f1f1a62d487679b9 | Triage

Sharing

General

Target

JaffaCakes118_3a4185f50b2f02ce2d533bac475d6544
Size

405KB
Sample

250301-vbypgswps8
MD5

3a4185f50b2f02ce2d533bac475d6544
SHA1

e6e35e1c90fb6cc37b5bd754fa0c310112db02b8
SHA256

503272fb015d5607dcdeb347f9f4b968d73ababeab618040f1f1a62d487679b9
SHA512

df4e5854efe93baf30e5ef7a07b239fb72528cda99091cd04ea732a54382cd6b57f116e1eddb20083d9c39234d21c7507c5d08aa1b2056334c72adf020659588
SSDEEP

6144:7evzV8Yct6Ym5OjI6UOwqdC32bAAzMFBYc:7e7V8rzmb6URlizUBF

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  JaffaCakes118_3a4185f50b2f02ce2d533bac475d6544
- Size
  
  405KB
- MD5
  
  3a4185f50b2f02ce2d533bac475d6544
- SHA1
  
  e6e35e1c90fb6cc37b5bd754fa0c310112db02b8
- SHA256
  
  503272fb015d5607dcdeb347f9f4b968d73ababeab618040f1f1a62d487679b9
- SHA512
  
  df4e5854efe93baf30e5ef7a07b239fb72528cda99091cd04ea732a54382cd6b57f116e1eddb20083d9c39234d21c7507c5d08aa1b2056334c72adf020659588
- SSDEEP
  
  6144:7evzV8Yct6Ym5OjI6UOwqdC32bAAzMFBYc:7e7V8rzmb6URlizUBF
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat