General

  • Target

    06540359a2fd8d4457b45ba2ffc019f6_JaffaCakes118

  • Size

    100KB

  • Sample

    240623-q1r6sawfnl

  • MD5

    06540359a2fd8d4457b45ba2ffc019f6

  • SHA1

    bbccffdd295df957b7817b7ad9b4515b2d84e9c9

  • SHA256

    0b08a3c85c94f4740ff02f229c55454476fae18d3833988693db8f50085c69e7

  • SHA512

    06a4a8fa61186d46b3180b17dd9c693d099741232353ff33a8c298d5a4cbc95a40f77d5815d6cb6a3bb7695ca7c2cb24646d23319a098d5f85fbe003d3528b2c

  • SSDEEP

    1536:JBsDeMQbFT3NgWOyd9hWdIcNdBfxOcwC/jqewEEx5qwd:J0eMQbPnhLWu6dxxOcN7qewEEx55d

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
