General

  • Target

    037f6192b6ce6f903231f54b54b526fb_JaffaCakes118

  • Size

    216KB

  • Sample

    240427-ykyydsfe9t

  • MD5

    037f6192b6ce6f903231f54b54b526fb

  • SHA1

    5f44e3ff1bf4c89c6c099b78ba0bd23f6cc249d1

  • SHA256

    bdc53e2aa28dd9b015cdc5915e2ef79520f40269a0d75364a172883b9a292e0d

  • SHA512

    04f0cfda98b3f7341038a27919c3f23705521f6ef44c6bbefaf358f7b7dd183316bd87d425adb644910cc0a826d44a36aa1f6932e2bb1c76cfdc84156fd0a54e

  • SSDEEP

    3072:J/9jNNTRr4bTYBCTZONEI1u3HO+cQh135J7WOwbAMt9+pCkSAkea3vujnlvUFLGR:71r4CEI4e2JJKbB7ZA9af6nlMY

Score
10/10

Targets

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE
