Overview

overview

10

Static

static

3

fc04612d0d...18.exe

windows7-x64

10

fc04612d0d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe

  • Size

    272KB

  • MD5

    fc04612d0d2d4e66d81f98ada78e22e9

  • SHA1

    0c66344922fcc3bdfeb3cbb5401989f7535400fc

  • SHA256

    70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512

  • SHA512

    5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9

  • SSDEEP

    6144:ER1/phJ7jYKhQohD964mxpP5PYR06ZKj4VEpSO:WfYK2e9644YR0bKEh

Score
10/10
gh0stratrat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    PID:4868
  • C:\Windows\rwztsq.exe
    C:\Windows\rwztsq.exe
    1⤵
    • Executes dropped EXE
    PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\rwztsq.exe
    Filesize

    272KB

    MD5

    fc04612d0d2d4e66d81f98ada78e22e9

    SHA1

    0c66344922fcc3bdfeb3cbb5401989f7535400fc

    SHA256

    70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512

    SHA512

    5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9

    Download Submit
  • memory/2060-7-0x0000000010000000-0x000000001002C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/4868-0-0x0000000010000000-0x000000001002C000-memory.dmp
    Filesize

    176KB

    Download