General
-
Target
06a089742b1e0a7a4745cf88bab5ff33_JaffaCakes118
-
Size
150KB
-
Sample
240623-r8jeaavejg
-
MD5
06a089742b1e0a7a4745cf88bab5ff33
-
SHA1
d70485611d1c3838a1012cc811bee97d0c3156d4
-
SHA256
706f00830d450dcd6cd55c234ff4608bc3932b9d92c6a37bc8b0a06c650b47bb
-
SHA512
799a43d5a069e0ac36cfcb11fc0315af8141046e6a8485495da8e7c8fad3e9c0947d473a1706e48fec1e1e93010b4ca266b9c2d9c2931f8d19cac4ed5135e0dd
-
SSDEEP
3072:xwFLsFwUlUvxbZvzJhpcaI9TPZWmU+AYjakj2:qFLsXuxbZvzPpcHTZnDG
Static task
static1
Behavioral task
behavioral1
Sample
06a089742b1e0a7a4745cf88bab5ff33_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
06a089742b1e0a7a4745cf88bab5ff33_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
06a089742b1e0a7a4745cf88bab5ff33_JaffaCakes118
-
Gh0st RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-