General

  • Target

    05d37d2ecf247111834c058e6674df68_JaffaCakes118

  • Size

    183KB

  • Sample

    240623-k4z3xaxamf

  • MD5

    05d37d2ecf247111834c058e6674df68

  • SHA1

    599c92d73525aadb7efad521c3004dcf3b9e8f65

  • SHA256

    55dde27bde29cea402f79e161311a35cf67377af951cc5e472ee2904a477a310

  • SHA512

    1b870f7fc06bc5b8b0f454f18fac887d6aee20767bf51bd84707c0bd545cf444ea3838b9d1f16c1ef9bf34fc78f12b0449b5c1685954156cf7cc6cf323c2454c

  • SSDEEP

    3072:9MqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRq:m9MMmwzlqUHoeWofjjpAViY/lH6h+Evq

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Adds Run key to start application

    • Drops file in System32 directory
