Overview

overview

10

Static

static

10

18007ebfa8...18.exe

windows7-x64

10

18007ebfa8...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    18007ebfa88f13515e9c0c6e342652d6_JaffaCakes118

  • Size

    144KB

  • Sample

    240627-3twa3s1hrr

  • MD5

    18007ebfa88f13515e9c0c6e342652d6

  • SHA1

    3ebd007660b73f2385e587a64ea1ae55a3799206

  • SHA256

    289af2132a4e26d0178127ee799c3afdcc76f2c9aa61bd817dfb42c1728dee21

  • SHA512

    b04b3c7b525f2b397b634e969b56b213763b953e31563b0730bc163bccb59db7dba400f5f6c2ab99358dcb7e32c3b322dc5146ecfcfb1f16614ab316d041aa9c

  • SSDEEP

    3072:cmggJXDFNoz9lRZCJogwY1tnkv1Y67KrUVPJoZWWRZanAmst:cyuz9XgJpwY1Z8YcSUVyZWWXDD

Score
10/10
gh0stratrat

Malware Config

Targets

    • Target

      18007ebfa88f13515e9c0c6e342652d6_JaffaCakes118

    • Size

      144KB

    • MD5

      18007ebfa88f13515e9c0c6e342652d6

    • SHA1

      3ebd007660b73f2385e587a64ea1ae55a3799206

    • SHA256

      289af2132a4e26d0178127ee799c3afdcc76f2c9aa61bd817dfb42c1728dee21

    • SHA512

      b04b3c7b525f2b397b634e969b56b213763b953e31563b0730bc163bccb59db7dba400f5f6c2ab99358dcb7e32c3b322dc5146ecfcfb1f16614ab316d041aa9c

    • SSDEEP

      3072:cmggJXDFNoz9lRZCJogwY1tnkv1Y67KrUVPJoZWWRZanAmst:cyuz9XgJpwY1Z8YcSUVyZWWXDD

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks