General

  • Target

    02048780f19ace56db841a9ccfd7e7b3_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240620-cwbrcatdmb

  • MD5

    02048780f19ace56db841a9ccfd7e7b3

  • SHA1

    63de4bb86f3328c0f3e448f8f7db6da3b6d09477

  • SHA256

    18c62801fb85d9e3bbb89cf77bf1f41d4a9da5c19fda35edb33eb6e16aad6cea

  • SHA512

    e0cf0537e3ca7bda0582e9c3e51f57e3a5f7bcab7d7975f33afa5296a1344557bc9cbaba224764663ca0e795b725bc5b188ad31f9f8694694855c28316c3f364

  • SSDEEP

    24576:qh12IKEsLQIJv/j/uf8dPKZMdBltSkhmQU4zWiMuFCS0hOMed+3l6cj:qhpxtIdruEEMlVznMnvhOEcy

Score
10/10

Malware Config

Targets

    • Target

      02048780f19ace56db841a9ccfd7e7b3_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
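The two behavioural signatures above are the kind of rule a sandbox evaluates over the sample's API and file-system trace. As an added example that is not part of this report and not any sandbox's own signature code, the Python below parses a constructed key=value trace (the format, process IDs, process names and paths are all made up for illustration) and raises the "Drops file in System32 directory" and "Suspicious use of NtSetInformationThreadHideFromDebugger" signatures only for processes in the monitored process tree, so a legitimate system service writing under System32 is not counted against the sample.

```python
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# THREADINFOCLASS value of ThreadHideFromDebugger as passed to
# NtSetInformationThread; setting it detaches the thread from the debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sandbox trace (not a real sandbox's export format).
# One event per line; values containing spaces are double-quoted.
SAMPLE_TRACE = r'''
pid=1840 proc="C:\Users\user\Desktop\sample.exe" op=ApiCall api=NtSetInformationThread class=0x11
pid=1840 proc="C:\Users\user\Desktop\sample.exe" op=ApiCall api=NtSetInformationThread class=ThreadHideFromDebugger
pid=1840 proc="C:\Users\user\Desktop\sample.exe" op=ApiCall api=NtSetInformationThread class=0x8
pid=1840 proc="C:\Users\user\Desktop\sample.exe" op=FileWrite path="C:\Windows\System32\svchost_helper.dll"
pid=1840 proc="C:\Users\user\Desktop\sample.exe" op=FileWrite path="C:\Users\user\AppData\Local\Temp\x.tmp"
pid=664 proc="C:\Windows\System32\svchost.exe" op=FileWrite path="C:\Windows\System32\config\SOFTWARE.LOG1"
pid=2012 proc="C:\Users\user\Desktop\sample.exe" op=FileWrite path="c:\windows\SYSTEM32\drivers\etc\hosts"
'''

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Anchored at a drive letter so "D:\evil\windows\system32\" does not match.
_SYSTEM32 = re.compile(r'^[a-z]:\\windows\\system32\\')


def parse_event(line: str) -> Dict[str, str]:
    """Split one trace line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def parse_thread_info_class(value: str) -> Optional[int]:
    """Accept the symbolic name, decimal ("17") or hex ("0x11") forms."""
    v = value.strip()
    if v.lower() == "threadhidefromdebugger":
        return THREAD_HIDE_FROM_DEBUGGER
    try:
        return int(v, 0)
    except ValueError:
        return None


def is_hide_from_debugger(ev: Dict[str, str]) -> bool:
    """NtSetInformationThread / ZwSetInformationThread with ThreadHideFromDebugger."""
    if ev.get("op") != "ApiCall":
        return False
    if ev.get("api", "").lower() not in ("ntsetinformationthread", "zwsetinformationthread"):
        return False
    return parse_thread_info_class(ev.get("class", "")) == THREAD_HIDE_FROM_DEBUGGER


def is_system32_write(ev: Dict[str, str]) -> bool:
    """File write whose requested path is under <drive>:\\Windows\\System32\\.

    Caveat: a 32-bit process under WOW64 has such writes redirected to
    SysWOW64 unless it disables redirection; the trace still shows the
    path the process asked for, which is what this signature keys on.
    """
    if ev.get("op") != "FileWrite":
        return False
    path = ev.get("path", "").replace("/", "\\").lower()
    return _SYSTEM32.match(path) is not None


SIGNATURES: Tuple[Tuple[str, Callable[[Dict[str, str]], bool]], ...] = (
    ("Drops file in System32 directory", is_system32_write),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", is_hide_from_debugger),
)


def run_signatures(trace: str, monitored_pids: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (signature, pid, detail) hits for events from monitored processes.

    monitored_pids is the sample's process tree as recorded by the sandbox;
    events from other processes are ignored so that background system
    activity is not attributed to the sample.
    """
    monitored = set(monitored_pids)
    hits: List[Tuple[str, str, str]] = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("pid") not in monitored:
            continue
        for name, predicate in SIGNATURES:
            if predicate(ev):
                hits.append((name, ev["pid"], ev.get("path") or ev.get("class", "")))
    return hits


if __name__ == "__main__":
    for sig, pid, detail in run_signatures(SAMPLE_TRACE, {"1840", "2012"}):
        print(f"{sig}: pid={pid} {detail}")
```

Note that the ThreadHideFromDebugger check matches on the information class, not on the call alone: NtSetInformationThread is used for many benign purposes, and only class 0x11 is the anti-debugging case the report flags.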

MITRE ATT&CK Matrix

Tasks