General
-
Target
067ec51e899de8a311d410b4b996449f_JaffaCakes118
-
Size
254KB
-
Sample
240623-rp6qgaxfml
-
MD5
067ec51e899de8a311d410b4b996449f
-
SHA1
89b77af6b8ad4effa2da81feb6bd6854f7cf7b32
-
SHA256
26b0c85a5c79a701c962744b93ed6ef516a847c8ecbe1fcfece1bf5c3934a5f0
-
SHA512
47188ee96a9fe9749b19f7170a1c1d48b6fd62cd37718c351c3508087e69ca2794a54a90f4d2c0e6605ffcf7d7c08cac8b10fc3a67f0b75dc77c24a67d15601b
-
SSDEEP
3072:hNTL+cwF4M0szmo0x4DrvG+oScqspfRNTt/TRQ7dBxnle/8vnhkc+gIhc:7jsSixcDRL9Q7vrKhc
Static task
static1
Behavioral task
behavioral1
Sample
067ec51e899de8a311d410b4b996449f_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Targets
-
Target
067ec51e899de8a311d410b4b996449f_JaffaCakes118
-
Score
10/10
-
Gh0st RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-