General

  • Target

    06bb1022bcf68a4375b33341307f3844_JaffaCakes118

  • Size

    376KB

  • Sample

    240623-smw9pawale

  • MD5

    06bb1022bcf68a4375b33341307f3844

  • SHA1

    b0deaa6b1d2856ee5f9a5e8409e2e2629ea4d59b

  • SHA256

    4426e570612fb0e065551c684ade75522ad0b9fb4c32429335d00c71d649afcd

  • SHA512

    f99852c4eba0c63461f2de2ed734ffdd35bafb67c16f36760f84b6453cc5b16ef50f2cd4e744f0a7890003eecd0d67dfb7ed1ecdd15cc38043872ce157a89554

  • SSDEEP

    6144:zIHYsZbS31zXqSNQgeiOKnDYVH0pwpMWEmpRBJ1NuUBY+f7zAF11whggaoHofphL:zIVZel6SOgeiOKEVH0ppWfBJ7XBczmRQ

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
