General

  • Target

    12c76eecb7d602352b246ae1dc5eaaa1_JaffaCakes118

  • Size

    191KB

  • Sample

    240626-vts7qaxblk

  • MD5

    12c76eecb7d602352b246ae1dc5eaaa1

  • SHA1

    84b93aa7ddac419c2be9e59d5fd7555f592afd02

  • SHA256

    1b78e140f120533ca90b40eff8194a7a93e463ec47a3de2148d5c7938ef8da2c

  • SHA512

    43447a904582697a0bccf278bfd4e6d0992d71f9b55bd41c65dbb9a828b1ce75a8f30270c45afdae313b5c1095d3c0a85631bd966ee21dd6eb89154df15c8808

  • SSDEEP

    3072:n3c1fP4AJJRJK51Q7DapBTlxsxnfSWQk52VydTE6K6ODaAQEF5:3OPjdJaOap9lx+naFaR+6ODpQe5

Malware Config

Targets

    • Target

      12c76eecb7d602352b246ae1dc5eaaa1_JaffaCakes118

    • Size

      191KB

    • MD5

      12c76eecb7d602352b246ae1dc5eaaa1

    • SHA1

      84b93aa7ddac419c2be9e59d5fd7555f592afd02

    • SHA256

      1b78e140f120533ca90b40eff8194a7a93e463ec47a3de2148d5c7938ef8da2c

    • SHA512

      43447a904582697a0bccf278bfd4e6d0992d71f9b55bd41c65dbb9a828b1ce75a8f30270c45afdae313b5c1095d3c0a85631bd966ee21dd6eb89154df15c8808

    • SSDEEP

      3072:n3c1fP4AJJRJK51Q7DapBTlxsxnfSWQk52VydTE6K6ODaAQEF5:3OPjdJaOap9lx+naFaR+6ODpQe5

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks