General
-
Target
fc6d30e57ccfd2db5e606eb1aa39e6ea_JaffaCakes118
-
Size
252KB
-
Sample
240420-k9y3ssdc89
-
MD5
fc6d30e57ccfd2db5e606eb1aa39e6ea
-
SHA1
02643940339c6507ca5772f801ea86ed12d3f2be
-
SHA256
fed3e981fa5df7ac8734fae939e4009438d1da4bd6bac7ad2422a033908afd58
-
SHA512
fdf007e72560b280c2a443e0d44b2dac796bb5af4742f3c7406fe5c15af6c31f06d8af37035dd27770690cb4169b188c4709d2444d592a912a0defe625801e69
-
SSDEEP
6144:07OgeNt0XPoBQfFMbE9XL4HE5kynHZ8uGjJZ9q624yIX6:qOgebeoiab8sNKotZ9q4y
Malware Config
Targets
-
-
Target
fc6d30e57ccfd2db5e606eb1aa39e6ea_JaffaCakes118
-
Size
252KB
-
MD5
fc6d30e57ccfd2db5e606eb1aa39e6ea
-
SHA1
02643940339c6507ca5772f801ea86ed12d3f2be
-
SHA256
fed3e981fa5df7ac8734fae939e4009438d1da4bd6bac7ad2422a033908afd58
-
SHA512
fdf007e72560b280c2a443e0d44b2dac796bb5af4742f3c7406fe5c15af6c31f06d8af37035dd27770690cb4169b188c4709d2444d592a912a0defe625801e69
-
SSDEEP
6144:07OgeNt0XPoBQfFMbE9XL4HE5kynHZ8uGjJZ9q624yIX6:qOgebeoiab8sNKotZ9q4y
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-