General
-
Target
6a29cf973f1d66268030cc5e5a4d2d1c_JaffaCakes118
-
Size
580KB
-
Sample
240523-h5betshc59
-
MD5
6a29cf973f1d66268030cc5e5a4d2d1c
-
SHA1
786e7571fe983e9ed1b5f9c144096a038629462b
-
SHA256
ebb50394bcadbc9bcf4f6814b6e0cf72ef6f153d8c8d69472b20b4c9e431cf39
-
SHA512
380c10d5d03fc521a6a01d9cf0ab578ffb7ede5906ffbf96a2597d556168b39cf02221be4e2d619e7c62a1124261868244f688b36d2e91c66a336897e6688722
-
SSDEEP
6144:qPrmCDMLRhprsSgSM7Fs9Icg0bAJHALCV:+rX+pA7FGEJe
Malware Config
Extracted
gh0strat
42.99.116.242
Targets
-
-
Target
6a29cf973f1d66268030cc5e5a4d2d1c_JaffaCakes118
-
Size
580KB
-
MD5
6a29cf973f1d66268030cc5e5a4d2d1c
-
SHA1
786e7571fe983e9ed1b5f9c144096a038629462b
-
SHA256
ebb50394bcadbc9bcf4f6814b6e0cf72ef6f153d8c8d69472b20b4c9e431cf39
-
SHA512
380c10d5d03fc521a6a01d9cf0ab578ffb7ede5906ffbf96a2597d556168b39cf02221be4e2d619e7c62a1124261868244f688b36d2e91c66a336897e6688722
-
SSDEEP
6144:qPrmCDMLRhprsSgSM7Fs9Icg0bAJHALCV:+rX+pA7FGEJe
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-