General

  • Target

    05dd8e8028a38f097e117cb400914b57_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240428-xn1qqaeh2x

  • MD5

    05dd8e8028a38f097e117cb400914b57

  • SHA1

    df9db6de0eb5ff8c2570bcdbbe366d56c9ac1570

  • SHA256

    aea7542cb1ae49b21fb2f920975131a7efcf0bcc8a041205cb9e20ee9321f1cd

  • SHA512

    02b2dd9fd14a9c44d9e415d4b7b3290aa38ef4bbaa7dac393714887eeed07853031b216b222d0611519a1f712a90c33c36f356ae42031f844ce9e349ff0219da

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZN3:iM5j8Z3aKHx5r+TuxX+IwffFZN3

Targets

    • Target

      05dd8e8028a38f097e117cb400914b57_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
