General

  • Target

    06544a3435938b21f284f8ab7f187efd_JaffaCakes118

  • Size

    233KB

  • Sample

    240623-q1yzbswfnq

  • MD5

    06544a3435938b21f284f8ab7f187efd

  • SHA1

    a4ddd87fbc8255054a2084f69772fb1d4226b36c

  • SHA256

    13abc52d4dab9dbb8c59576905aace2b270559e4b59a535745cc42763c18b805

  • SHA512

    dd2de907d74bff2662328aedd3843464f270294419284e5908c0ec5650d4d07c92af4cdcbe367e16cddf1b6c76d371e6160bf827af8a4fcc4bfd855144348482

  • SSDEEP

    3072:dCRcfK4NlytAVDckOlpEdaLy1OjnKQB7S4+PPnK1naZ8r7c6G723:dK2TVDckOl6dZ1EvsPf9Z165

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Loads dropped DLL
