General

  • Target

    068acfceca3f518b1a4f21fa682e57dd_JaffaCakes118

  • Size

    376KB

  • Sample

    240623-rwkrksxhmp

  • MD5

    068acfceca3f518b1a4f21fa682e57dd

  • SHA1

    7a6b70e259dda9b2d690b77671e5a9a8ae865edf

  • SHA256

    2f91317dade8737b6e5d67496a5fdab125b0617044a9875c3dc17a51c77271d6

  • SHA512

    ed9d626496078b243c7c8fbc4f6bc34641fe659b9fd9366deb60ee1211630cc58cf77d7175cfdad82900d7344b7c21afa576e5757462e7f93cdd8aa0224c4b65

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofph4:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRL

Malware Config

Targets

    • Target

      068acfceca3f518b1a4f21fa682e57dd_JaffaCakes118

    • Size

      376KB

    • MD5

      068acfceca3f518b1a4f21fa682e57dd

    • SHA1

      7a6b70e259dda9b2d690b77671e5a9a8ae865edf

    • SHA256

      2f91317dade8737b6e5d67496a5fdab125b0617044a9875c3dc17a51c77271d6

    • SHA512

      ed9d626496078b243c7c8fbc4f6bc34641fe659b9fd9366deb60ee1211630cc58cf77d7175cfdad82900d7344b7c21afa576e5757462e7f93cdd8aa0224c4b65

    • SSDEEP

      6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofph4:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRL

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks