General

  • Target

    064392e060b1e48cbe362576323a9e74_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240623-qrdxsssbqc

  • MD5

    064392e060b1e48cbe362576323a9e74

  • SHA1

    49bcd4d5f599ec70c2d900827f5dc2e0f5faa976

  • SHA256

    3da93c852242e07df6689491571417611d01ce0f2e6999ba72792d3ad03fc6aa

  • SHA512

    d9d1b76d7a844e2cbbddc9cc557c0ef01f7d010704a1f8293e4ca0885aede10e07e17346b987cb66ef17867e24c2d5855cccd1941587ffb2402ebd5c726004fb

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZ1vD:iM5j8Z3aKHx5r+TuxX+IwffFZ1vD

Targets

    • Target

      064392e060b1e48cbe362576323a9e74_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
