General

  • Target

    9e0879c7c2cc632dae31ef5b66099ec6_JaffaCakes118

  • Size

    431KB

  • Sample

    240611-nnk6lawbnn

  • MD5

    9e0879c7c2cc632dae31ef5b66099ec6

  • SHA1

    135cb0f9c6999ab5aaad30bc27c4afeedb60c367

  • SHA256

    7e313ad62e2bac7a07d176dd7996468246780d44492dececd3413cfd98700604

  • SHA512

    c114f6aa6bda2d1633c6fdc00a7c347e10cad30f436d5fcbc6c7b6e888e823ead9df8576d4f7a3f81414eab6e0915563b059f39b05afe6d9eb5e6d02b4d5985b

  • SSDEEP

    6144:pGSPZkkDYwXYbtmrejA30BLxzh6NUoYd1T5VJRmm8V0h87rb28xbk9660:ZYwbWBLxzh6Lg1T5VJRe7f

Score
10/10

Malware Config

Targets

    • Target

      9e0879c7c2cc632dae31ef5b66099ec6_JaffaCakes118

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks