General

  • Target

    08267c50986301c44a5a41aa6679a5a4_JaffaCakes118

  • Size

    1017KB

  • Sample

    240429-vdxj7sfh7y

  • MD5

    08267c50986301c44a5a41aa6679a5a4

  • SHA1

    e53fa5cac935a83e37da04dbfb6c6c7d1472c8f9

  • SHA256

    0b5d9b74ac32b5eee06b568fc8f8e7710bfdabb1ecb88ef374d15bf805bb798f

  • SHA512

    ac34524a9c800399993354d508c7454ebc9241a7230d5a9731302a17fd354f1c013133d929611d25930b2893ffe4292585ada387ca4a0764f7be55a2688f3373

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZV6:iM5j8Z3aKHx5r+TuxX+IwffFZV6

Malware Config

Targets

    • Target

      08267c50986301c44a5a41aa6679a5a4_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks