General
-
Target
fc4896edc72ba726eebda2271be493f6_JaffaCakes118
-
Size
169KB
-
Sample
240420-jq7p6acf2s
-
MD5
fc4896edc72ba726eebda2271be493f6
-
SHA1
b8fe3933906ba8988925dfabf924dbce6ced6436
-
SHA256
83fbb1cb049ba2fb7cad60ac4d8e518c0c1c445fa869bd9750c9e84cfb489333
-
SHA512
ef9bede22f5019bd48eafdc4ed6d70a2755088d264ff592fe57ce2e01463f67a7160f741ad1ca4d88038c6768ad96b84af37a71f585b493d773c79036b669517
-
SSDEEP
3072:ALk395hYXJNuhV+g4yidNvJJngaWMY4n6tVojmTic+BSLLpjJj:AQqG+9yYNvJJnnjKiDBALBJj
Static task
static1
Behavioral task
behavioral1
Sample
fc4896edc72ba726eebda2271be493f6_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
fc4896edc72ba726eebda2271be493f6_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
20061193428.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
20061193428.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
fc4896edc72ba726eebda2271be493f6_JaffaCakes118
-
Score
10/10
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Target
20061193428.exe
-
Size
5.1MB
-
MD5
d7be2f31187feee86d852ce5ffa0b1fd
-
SHA1
a57fbcca22e1f4d178d811844cdefaa9537ebaef
-
SHA256
d2fda291f12be94897b3b2567a99730b08bbc1b843c0599cd2cd770bf21bb0c6
-
SHA512
02fd85e11889c502b1e3b895d44e25b726b81a38ec5e8d125a23d832f75d115a83d12115a334f399b41ca9aa8db11d4b23a5000c0def573d9b257dddca23fc4c
-
SSDEEP
3072:RVoGRz4nDbfagCqKZk5yY/HB7Q2tz2kcMBQ1GobMeRPKZ+sE4oby:RVoGV4nDWgRAkPHZQWfcMloDgI4oO
Score
10/10
-
Gh0st RAT payload
-
Adds Run key to start application
-
Drops file in System32 directory
-