General
-
Target
fc841cdc6d09e3638e40b9c32b7d0cec_JaffaCakes118
-
Size
316KB
-
Sample
240420-l6ck3aea79
-
MD5
fc841cdc6d09e3638e40b9c32b7d0cec
-
SHA1
f74de43c0988f160f1a310f308da631a0ad3ee60
-
SHA256
d0ac1fe496f6f90d965d1b658329483620a279c6bba3b1f667392b069a1f993e
-
SHA512
23dddf517cc85269efd49513f66ba9990ebeccfed9fea1260b8f7cff41cdefea578f64caec4386f7483a747cd31182f405590da3e80399b05588406b180312af
-
SSDEEP
6144:IFw8wzBhaEUJ45mbS75gob65lvOrxRMiA4mhg6RHFlDIQEtJopkUC+nOP/pg:IFszBhqS5mY+rvQRpA7hHlmtepkxFBg
Malware Config
Targets
-
-
Target
fc841cdc6d09e3638e40b9c32b7d0cec_JaffaCakes118
-
Size
316KB
-
MD5
fc841cdc6d09e3638e40b9c32b7d0cec
-
SHA1
f74de43c0988f160f1a310f308da631a0ad3ee60
-
SHA256
d0ac1fe496f6f90d965d1b658329483620a279c6bba3b1f667392b069a1f993e
-
SHA512
23dddf517cc85269efd49513f66ba9990ebeccfed9fea1260b8f7cff41cdefea578f64caec4386f7483a747cd31182f405590da3e80399b05588406b180312af
-
SSDEEP
6144:IFw8wzBhaEUJ45mbS75gob65lvOrxRMiA4mhg6RHFlDIQEtJopkUC+nOP/pg:IFszBhqS5mY+rvQRpA7hHlmtepkxFBg
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-