General

  • Target

    06450cc31f1e54fd264e3316aa4dc481_JaffaCakes118

  • Size

    95KB

  • Sample

    240623-qr5erascjh

  • MD5

    06450cc31f1e54fd264e3316aa4dc481

  • SHA1

    9163982a3f375fdf3eeaddbfc1bd062efb604e98

  • SHA256

    6457203c3428fd916416452cd6739141d7d2a739c3b15f61077c07bb63d9c966

  • SHA512

    1ba1fc2df2b1a9f5d7e0376b52a06c2a8f9a7b904f097b7ca5a3594b22b6c04946494f158aac92a399b06ec3245784b356751b6001deef99edd094f329454de9

  • SSDEEP

    1536:tiFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prNraBn3E0:tIS4jHS8q/3nTzePCwNUh4E9Nrs39

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks