General

  • Target

    027fdbf3b5cb8a37679bbb9dbcc4ce94_JaffaCakes118

  • Size

    152KB

  • Sample

    240620-d9q9ma1epl

  • MD5

    027fdbf3b5cb8a37679bbb9dbcc4ce94

  • SHA1

    c38142dff5678a5c5ea0a50ac7411c55aed4bb27

  • SHA256

    19951514f83abecd84f9e153243f8a9de91a3749b2f054ed1e72cd8cdee1c7db

  • SHA512

    2130e7d525d78931ca4e06127bd79da9012f1c50c6547ba0bd2ce4ff64038428b12160a9d3fef5d82cbe6ca7e06576b96ca383c07904844efe6d74b72c0243d2

  • SSDEEP

    3072:zFt8VhCP7gQHS1/qRHaSWLIgCikiq+lFFoMe0JyW+GnSwH2cJhSb:z0VhCjgQH0MaSiC52FeotJhSb

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks