General

  • Target

    0856877e3c2265c36d5fa47ef0d95385_JaffaCakes118

  • Size

    908KB

  • Sample

    240429-w6gj5ahh21

  • MD5

    0856877e3c2265c36d5fa47ef0d95385

  • SHA1

    5e467c7efeae89151e74f731cacbe59a0a602c09

  • SHA256

    42ec5d2a4276118bc5d169a6667121d28a0640c267f0e944a0a49c31e0b59fb5

  • SHA512

    9a9454a99995d26d2938ee4523dca7777fac40c93e672d71af550fdb58f916591b9ef4c20b2f030dc906b8efd1907f8fd609cd106ba3997b000517f97d9824a0

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZAtK:iM5j8Z3aKHx5r+TuxX+IwffFZAtK

Targets

    • Target

      0856877e3c2265c36d5fa47ef0d95385_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
