gh0strat | 4ebb571c9bd3ee350c51dcee328736a505bb7dcd8adc875151e49603618d0434 | Triage

Sharing

General

Target

JaffaCakes118_4a608d69fc2671987f4231b0fdade60d
Size

495KB
Sample

250304-b4zygawlw7
MD5

4a608d69fc2671987f4231b0fdade60d
SHA1

bc2d3e65a1f17bfae70b7fb81c7ec3f39c909822
SHA256

4ebb571c9bd3ee350c51dcee328736a505bb7dcd8adc875151e49603618d0434
SHA512

6ca242a3a4890bcc3206c6748dcfd2df78e5b9201dfc38aaca3f059cdbc20f9f30fab8756c818b15a215e2511830ac7ed57fa6b42e61d81c52d6c18530441f43
SSDEEP

6144:7evzV8Yct6Ym5OjI6UOwqdC32bAAzMFig:7e7V8rzmb6URlizUig

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  JaffaCakes118_4a608d69fc2671987f4231b0fdade60d
- Size
  
  495KB
- MD5
  
  4a608d69fc2671987f4231b0fdade60d
- SHA1
  
  bc2d3e65a1f17bfae70b7fb81c7ec3f39c909822
- SHA256
  
  4ebb571c9bd3ee350c51dcee328736a505bb7dcd8adc875151e49603618d0434
- SHA512
  
  6ca242a3a4890bcc3206c6748dcfd2df78e5b9201dfc38aaca3f059cdbc20f9f30fab8756c818b15a215e2511830ac7ed57fa6b42e61d81c52d6c18530441f43
- SSDEEP
  
  6144:7evzV8Yct6Ym5OjI6UOwqdC32bAAzMFig:7e7V8rzmb6URlizUig
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat