gh0strat | 0f6b527c59b86355a1ba3550862cc96087f7fc9d4f603f3eb0a2d1cec35bea9e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...81.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9aac1581506a1a746c3c178e8ad84781
Size

742KB
Sample

250405-qpdh9axtgz
MD5

9aac1581506a1a746c3c178e8ad84781
SHA1

614ec5a770357cc8d9767c68649b824cd542ce9b
SHA256

0f6b527c59b86355a1ba3550862cc96087f7fc9d4f603f3eb0a2d1cec35bea9e
SHA512

2fe143cb53df661666e4f26272c37bf814203341f24b129f09b7b1e5068ca0a39fed4502b88d22359439d5c4d04c7ed1b9089de58e5416d0228672e254dfe24c
SSDEEP

12288:Fkjb7COcrmH4WMtX1xoPBBdBRrEpbjsA7wwgjEdtUGW1GngyGuea4Y2fqNQxz+JA:qH3omH4llxIBBvRr6sqzhU91ygsJ2fq4

Score

10^/10

gh0strat defense_evasion discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9aac1581506a1a746c3c178e8ad84781.exe

Resource

win10v2004-20250314-en

gh0strat defense_evasion discovery rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_9aac1581506a1a746c3c178e8ad84781
- Size
  
  742KB
- MD5
  
  9aac1581506a1a746c3c178e8ad84781
- SHA1
  
  614ec5a770357cc8d9767c68649b824cd542ce9b
- SHA256
  
  0f6b527c59b86355a1ba3550862cc96087f7fc9d4f603f3eb0a2d1cec35bea9e
- SHA512
  
  2fe143cb53df661666e4f26272c37bf814203341f24b129f09b7b1e5068ca0a39fed4502b88d22359439d5c4d04c7ed1b9089de58e5416d0228672e254dfe24c
- SSDEEP
  
  12288:Fkjb7COcrmH4WMtX1xoPBBdBRrEpbjsA7wwgjEdtUGW1GngyGuea4Y2fqNQxz+JA:qH3omH4llxIBBvRr6sqzhU91ygsJ2fq4
Score

10^/10

gh0strat defense_evasion discovery rat
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Gh0strat family
  gh0strat
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gh0stratdefense_evasiondiscoveryrat

© 2018-2025

Terms | Privacy