gh0strat | b88bace4e5a1b4b7f0a4d944b30f0248dd71873e0a8aaf339699d402856856e9 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...41.exe

windows7-x64

JaffaCakes...41.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_60724e60e43f65c70227c44fb3603741
Size

385KB
Sample

250310-v1bk9asmv7
MD5

60724e60e43f65c70227c44fb3603741
SHA1

144ba24e082c2c920fb5c601790143f25523d909
SHA256

b88bace4e5a1b4b7f0a4d944b30f0248dd71873e0a8aaf339699d402856856e9
SHA512

bee650546ef9bb8bbde2c8d89eb0f3039344911045d9ee611a0ca4eddabbac3291a0b4f93c8f0db32b99deee208afaad0feddb27cec1c98c9e688d9236d8b476
SSDEEP

6144:wGzRxSVtp0l6whGfsKR+zkBpTaa5tJHYt4Z4q:Dt0VPFfsKAkrbPlYG+q

Score

10^/10

gh0strat discovery persistence rat upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_60724e60e43f65c70227c44fb3603741.exe

Resource

win7-20240903-en

gh0strat discovery persistence rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_60724e60e43f65c70227c44fb3603741.exe

Resource

win10v2004-20250217-en

gh0strat discovery persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_60724e60e43f65c70227c44fb3603741
- Size
  
  385KB
- MD5
  
  60724e60e43f65c70227c44fb3603741
- SHA1
  
  144ba24e082c2c920fb5c601790143f25523d909
- SHA256
  
  b88bace4e5a1b4b7f0a4d944b30f0248dd71873e0a8aaf339699d402856856e9
- SHA512
  
  bee650546ef9bb8bbde2c8d89eb0f3039344911045d9ee611a0ca4eddabbac3291a0b4f93c8f0db32b99deee208afaad0feddb27cec1c98c9e688d9236d8b476
- SSDEEP
  
  6144:wGzRxSVtp0l6whGfsKR+zkBpTaa5tJHYt4Z4q:Dt0VPFfsKAkrbPlYG+q
Score

10^/10

gh0strat discovery persistence rat upx
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistenceratupx

behavioral2

gh0stratdiscoverypersistenceratupx

© 2018-2025

Terms | Privacy