General

  • Target

    011dd689b1cb91d17ff6b5d2f0615977_JaffaCakes118

  • Size

    150KB

  • Sample

    240619-3a3wta1ckk

  • MD5

    011dd689b1cb91d17ff6b5d2f0615977

  • SHA1

    c2f11bfe4dc4fe2ac34cfabd7deaec2d6896933f

  • SHA256

    d781d0d734c49ae8a7812e0233b4d1791a4b9248b579e2ff9f9fbc61d4f0f457

  • SHA512

    a91cb6c2108cf9f6b17507840b3cf3dba59fe85597b8e2b62e0014a0b81801dfb0aed6e2f1b976e3cca7aa0fe14fcc4047a123407b8ff24cf7087520fd778072

  • SSDEEP

    3072:tlxAxiiAYXRJ1cbuR3m8KoNVzbqQ+yaKf4baDJws3wDS:tePXD1zQuNV1+yiS

Score
10/10

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks