gh0strat | cec77df2842ec4175de81e63da0b78b7a10c1e64b9cf3b4c61b9232a3294c0f3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

JaffaCakes...c3.exe

windows7-x64

JaffaCakes...c3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_65815c591cc4e461a16700230d6550c3
Size

263KB
Sample

250311-qqz4msvvcs
MD5

65815c591cc4e461a16700230d6550c3
SHA1

10c70762df0fdca27d7b5d6d9a50424830dd08d8
SHA256

cec77df2842ec4175de81e63da0b78b7a10c1e64b9cf3b4c61b9232a3294c0f3
SHA512

759a1fbcb2c5f87da854972181efc8cad125c7645554783d46396edde6014bcde9fcf46ede298e8f4433575635f956304feebfbfcf88b2f52674049118099cf7
SSDEEP

6144:ui/Syc8qgVXVRg/iicw+dwFfNup+BVJoU0Z:xScvXVRFir7Ftw

Score

10^/10

gh0strat discovery persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_65815c591cc4e461a16700230d6550c3.exe

Resource

win7-20250207-en

gh0strat discovery persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_65815c591cc4e461a16700230d6550c3.exe

Resource

win10v2004-20250217-en

gh0strat discovery persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_65815c591cc4e461a16700230d6550c3
- Size
  
  263KB
- MD5
  
  65815c591cc4e461a16700230d6550c3
- SHA1
  
  10c70762df0fdca27d7b5d6d9a50424830dd08d8
- SHA256
  
  cec77df2842ec4175de81e63da0b78b7a10c1e64b9cf3b4c61b9232a3294c0f3
- SHA512
  
  759a1fbcb2c5f87da854972181efc8cad125c7645554783d46396edde6014bcde9fcf46ede298e8f4433575635f956304feebfbfcf88b2f52674049118099cf7
- SSDEEP
  
  6144:ui/Syc8qgVXVRg/iicw+dwFfNup+BVJoU0Z:xScvXVRFir7Ftw
Score

10^/10

gh0strat discovery persistence rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdiscoverypersistencerat

behavioral2

gh0stratdiscoverypersistencerat

© 2018-2025

Terms | Privacy