gh0strat | af9f52dc177ac2c03601642aacc6e433d93abb5fdf6aa37155e23b3e1993836d | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...30.dll

windows7-x64

JaffaCakes...30.dll

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_48e2ca5cfdcc3301bd7616252e893530
Size

159KB
Sample

250303-yscecsxvcz
MD5

48e2ca5cfdcc3301bd7616252e893530
SHA1

197a9a9396e93f59b4fc3729dd6447baa405d032
SHA256

af9f52dc177ac2c03601642aacc6e433d93abb5fdf6aa37155e23b3e1993836d
SHA512

bae0257cb6dd8309634df11d02fcbd66ee9ca3fbf0f870224d8f6e726e6ee087da80870e74ebef3074c0cd2f34666c7ac6f154c8809bf84ae0fd2e263787cf4d
SSDEEP

3072:FQSPRcIULrdDMKCyk2q0b2NhtVEXUh2nqzRwZ/N:FLsdDM/sqwkEXUh2nqzAN

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_48e2ca5cfdcc3301bd7616252e893530.dll

Resource

win7-20240903-en

gh0strat discovery persistence rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_48e2ca5cfdcc3301bd7616252e893530.dll

Resource

win10v2004-20250217-en

gh0strat discovery persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_48e2ca5cfdcc3301bd7616252e893530
- Size
  
  159KB
- MD5
  
  48e2ca5cfdcc3301bd7616252e893530
- SHA1
  
  197a9a9396e93f59b4fc3729dd6447baa405d032
- SHA256
  
  af9f52dc177ac2c03601642aacc6e433d93abb5fdf6aa37155e23b3e1993836d
- SHA512
  
  bae0257cb6dd8309634df11d02fcbd66ee9ca3fbf0f870224d8f6e726e6ee087da80870e74ebef3074c0cd2f34666c7ac6f154c8809bf84ae0fd2e263787cf4d
- SSDEEP
  
  3072:FQSPRcIULrdDMKCyk2q0b2NhtVEXUh2nqzRwZ/N:FLsdDM/sqwkEXUh2nqzAN
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy