gh0strat | ee967f6b80ddb226f340899640484ccb32a73cacbd52248fff63c5dd6ef3595d | Triage

Sharing

General

Target

JaffaCakes118_53a1669f529743bbae224d376355bb0f
Size

308KB
Sample

250305-zy2f4szjz9
MD5

53a1669f529743bbae224d376355bb0f
SHA1

480f764c3f90f925ccdf779c08402144f775aa3c
SHA256

ee967f6b80ddb226f340899640484ccb32a73cacbd52248fff63c5dd6ef3595d
SHA512

2d3f1df284d3b009069ccfed9d59e47cf9b143a220b9ec9954a8a131b60c6a80fd45e92ac913daf926cc241042e7d4c4766c77d02a4a199aa5256fc74d93885d
SSDEEP

6144:MiTtiWB0wL7t/J5Gp34EnUC4G7v4G7AWF/:LXB0wd/rGN7UEJAi

Score

10^/10

gh0strat discovery persistence rat

Malware Config

Targets

- Target
  
  JaffaCakes118_53a1669f529743bbae224d376355bb0f
- Size
  
  308KB
- MD5
  
  53a1669f529743bbae224d376355bb0f
- SHA1
  
  480f764c3f90f925ccdf779c08402144f775aa3c
- SHA256
  
  ee967f6b80ddb226f340899640484ccb32a73cacbd52248fff63c5dd6ef3595d
- SHA512
  
  2d3f1df284d3b009069ccfed9d59e47cf9b143a220b9ec9954a8a131b60c6a80fd45e92ac913daf926cc241042e7d4c4766c77d02a4a199aa5256fc74d93885d
- SSDEEP
  
  6144:MiTtiWB0wL7t/J5Gp34EnUC4G7v4G7AWF/:LXB0wd/rGN7UEJAi
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat