General

  • Target

    011447c78ca40ff951e35e207de55992_JaffaCakes118

  • Size

    423KB

  • Sample

    240619-26rmzswdnd

  • MD5

    011447c78ca40ff951e35e207de55992

  • SHA1

    babef2e1c1a11dfa4ed58a26be5adff50aa88bd6

  • SHA256

    53ee33c690e4bd2396bdf1c167b80ff9e036dd37714e3c2b62b9f45751a8977c

  • SHA512

    5de11b91b2f9169e0b94ad913b2ff4e5d0120e8db60f5e1f864e84a4449d742083a42493a970c61583912d0bf736bb6d9eaf91539a30b23f20175b093f47dc0d

  • SSDEEP

    12288:7QM0Ua3qB1iOXrZF3Z4mxx0cg9FQTEG5HzYgP:Ua1iO7ZQmX059FQTEG5x

Malware Config

Targets

    • Target

      011447c78ca40ff951e35e207de55992_JaffaCakes118

    • Size

      423KB

    • MD5

      011447c78ca40ff951e35e207de55992

    • SHA1

      babef2e1c1a11dfa4ed58a26be5adff50aa88bd6

    • SHA256

      53ee33c690e4bd2396bdf1c167b80ff9e036dd37714e3c2b62b9f45751a8977c

    • SHA512

      5de11b91b2f9169e0b94ad913b2ff4e5d0120e8db60f5e1f864e84a4449d742083a42493a970c61583912d0bf736bb6d9eaf91539a30b23f20175b093f47dc0d

    • SSDEEP

      12288:7QM0Ua3qB1iOXrZF3Z4mxx0cg9FQTEG5HzYgP:Ua1iO7ZQmX059FQTEG5x

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
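The behavioural signatures above map to a few concrete registry and file-system locations. The following is an added example, not part of the sandbox report, that classifies host events against those signatures: a write under a `CurrentVersion\Run` key, a `TermService\Parameters\ServiceDll` value pointing anywhere other than the stock `termsrv.dll`, file drops under `System32` and `System32\drivers`, and execution or loading of a file the sample itself wrote. The event records, the file names and the value names are constructed for illustration; only the Windows locations are real.

```python
"""Classify constructed host events against the signatures listed for this sample.
Added example; the events and file names below are invented, the registry paths are
the standard Windows locations the signatures refer to."""
import re
from typing import Dict, Iterable, List, Set

# Locations behind the report's signatures (case-insensitive on Windows).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
TERMSRV_DLL_RE = re.compile(r"\\Services\\TermService\\Parameters\\ServiceDll$", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\[^\\]+$", re.IGNORECASE)
SYSTEM32_DIR_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)


def termsrv_value_is_default(value: str) -> bool:
    """The stock ServiceDll for TermService is %SystemRoot%\\System32\\termsrv.dll.
    Anything else (another name, or a DLL under drivers\\) is a hijacked service DLL."""
    return value.strip().lower().endswith(r"\system32\termsrv.dll")


def classify(events: Iterable[Dict[str, str]]) -> List[str]:
    """Return the sorted list of report signatures that the event stream triggers."""
    hits: Set[str] = set()
    dropped: Set[str] = set()  # lower-cased paths of files the sample wrote
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if DRIVERS_DIR_RE.search(path):
                hits.add("Drops file in Drivers directory")
            if SYSTEM32_DIR_RE.search(path):  # drivers\ is inside System32, so both fire
                hits.add("Drops file in System32 directory")
        elif kind == "reg_set":
            key, value = ev["key"], ev["value"]
            if RUN_KEY_RE.search(key):
                hits.add("Adds Run key to start application")
            if TERMSRV_DLL_RE.search(key) and not termsrv_value_is_default(value):
                hits.add("Server Software Component: Terminal Services DLL")
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "image_load":
            if ev["image"].lower() in dropped:
                hits.add("Loads dropped DLL")
    return sorted(hits)


# Constructed event stream (hypothetical file names) reproducing the report's pattern.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Windows\System32\drivers\svchlp.dll"},
    {"type": "file_create", "path": r"C:\Users\Public\update.exe"},
    {"type": "reg_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "value": r"C:\Windows\System32\drivers\svchlp.dll"},
    {"type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "value": r"C:\Users\Public\update.exe"},
    {"type": "process_create", "image": r"C:\Users\Public\update.exe"},
    {"type": "image_load", "image": r"C:\Windows\System32\drivers\svchlp.dll"},
]

# Constructed benign stream: the stock ServiceDll value and a user file, nothing fires.
BENIGN_EVENTS = [
    {"type": "reg_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "value": r"%SystemRoot%\System32\termsrv.dll"},
    {"type": "file_create", "path": r"C:\Users\Public\notes.txt"},
]

if __name__ == "__main__":
    for name in classify(SAMPLE_EVENTS):
        print(name)
```

The `ServiceDll` check is the one worth keeping in a hunt: on a live host, compare the value under `HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters` against `%SystemRoot%\System32\termsrv.dll` and treat any other path, especially one under `System32\drivers`, as a Terminal Services DLL hijack.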

MITRE ATT&CK Enterprise v15

Tasks