General
-
Target
fab7da653e8faa2a23f5db0c9d2b9b9d_JaffaCakes118
-
Size
260KB
-
Sample
240419-t4elmsab81
-
MD5
fab7da653e8faa2a23f5db0c9d2b9b9d
-
SHA1
afb4764006c20ad9db0bba8db34f4344ea9fcb6f
-
SHA256
0b187ae35456a6dd4cb123db080985d67b63013f497ab6087fe37bb419798023
-
SHA512
ea319454dd8c0340d661e14882af36113cb5a9a65419451f0ba54aa4d73e5d5f081dba889d52710c6e8cad791d7d316bb5d38c64f70aa3e68362c9bee69f1e44
-
SSDEEP
6144:f9getNYtrKVH0pwpM+E6J4Kxawy1GsoozQ9baGB:f9getNErKVH0pp+lJ4WaEkDG
Malware Config
Targets
-
-
Target
fab7da653e8faa2a23f5db0c9d2b9b9d_JaffaCakes118
-
Size
260KB
-
MD5
fab7da653e8faa2a23f5db0c9d2b9b9d
-
SHA1
afb4764006c20ad9db0bba8db34f4344ea9fcb6f
-
SHA256
0b187ae35456a6dd4cb123db080985d67b63013f497ab6087fe37bb419798023
-
SHA512
ea319454dd8c0340d661e14882af36113cb5a9a65419451f0ba54aa4d73e5d5f081dba889d52710c6e8cad791d7d316bb5d38c64f70aa3e68362c9bee69f1e44
-
SSDEEP
6144:f9getNYtrKVH0pwpM+E6J4Kxawy1GsoozQ9baGB:f9getNErKVH0pp+lJ4WaEkDG
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-