General

  • Target

    0632c2248b8538b5f9452ec8d44a3352_JaffaCakes118

  • Size

    285KB

  • Sample

    240623-qfvfea1gmd

  • MD5

    0632c2248b8538b5f9452ec8d44a3352

  • SHA1

    478f8af2c679ee5718407d5f6052a697930b7b43

  • SHA256

    51bab85abf259c42eefc6b8a9c2609f0208ab092843c9634bd83bb719f15d7ca

  • SHA512

    41630899519cadc866a687a410e5041b3a8c52f2dfb2aa5bbe74477e2ada254056f464f44eb2d5a1d89a3920bfe110399922f31e2b2f3ff0c214da76fbdd50c0

  • SSDEEP

    6144:wGzRxSVtp0l6whGfsKR+zkBpTaa5tJHY6o:Dt0VPFfsKAkrbPlYF

Malware Config

Targets

    • Target

      0632c2248b8538b5f9452ec8d44a3352_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of UPX.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks