General
Target: 011dd689b1cb91d17ff6b5d2f0615977_JaffaCakes118
Size: 150KB
Sample: 240619-3a3wta1ckk
MD5: 011dd689b1cb91d17ff6b5d2f0615977
SHA1: c2f11bfe4dc4fe2ac34cfabd7deaec2d6896933f
SHA256: d781d0d734c49ae8a7812e0233b4d1791a4b9248b579e2ff9f9fbc61d4f0f457
SHA512: a91cb6c2108cf9f6b17507840b3cf3dba59fe85597b8e2b62e0014a0b81801dfb0aed6e2f1b976e3cca7aa0fe14fcc4047a123407b8ff24cf7087520fd778072
SSDEEP: 3072:tlxAxiiAYXRJ1cbuR3m8KoNVzbqQ+yaKf4baDJws3wDS:tePXD1zQuNV1+yiS
Static task: static1
Behavioral task: behavioral1
  Sample: 011dd689b1cb91d17ff6b5d2f0615977_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 011dd689b1cb91d17ff6b5d2f0615977_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Gh0st RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.