General

  • Target

    2293d55c032a9a521f12645c3fdc333c_JaffaCakes118

  • Size

    126KB

  • Sample

    240703-q5m3mazfrb

  • MD5

    2293d55c032a9a521f12645c3fdc333c

  • SHA1

    d302188cdc0962d646fbb1f6dfb3244d5689c35d

  • SHA256

    7d768522035cf3eb2ef460eec55eba0168f72924dd21d48d576f5acdc8da12f8

  • SHA512

    b83a83b0149e42d39b5b8a0a4bf736fd03782f3ad6fc10481ea18f037e4b8a4df1ff7d2001ef1c5ac669791119c7a20319dc371c1f21a23fdd1eede868f514e9

  • SSDEEP

    3072:AwPReUyQYsZSwwJSN2Ub8VG2vNKohdGMgdI5wItwTfgtkTE9/O0B:AuRlyQYskfJs2UbadhUmGItSfgt4iJ

Malware Config

Targets

    • Target

      2293d55c032a9a521f12645c3fdc333c_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
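The behavioural signatures above are what a sandbox derives from process, file, registry and image-load telemetry. The following is an added example, not Triage's own detection code and not derived from this sample's real event trace: it replays constructed Sysmon-style events in Python and returns which of the page's signatures they would trigger. The event schema, the file and registry paths in the sample data, the `cmd /c del` self-deletion pattern, and the default `termsrv.dll` location used to judge a replaced Terminal Services DLL are all assumptions.

```python
"""Replay constructed Sysmon-like events and map them to the sandbox
signatures listed in this report. Added example, not the report's code."""
import re
from dataclasses import dataclass

# Assumption: the stock TermService host DLL lives here; any other value
# written to the ServiceDll registry value is treated as a replaced DLL.
DEFAULT_TERMSRV_DLL = r"%systemroot%\system32\termsrv.dll"

SERVICEDLL_KEY = re.compile(r"\\services\\termservice\\parameters\\servicedll$", re.I)
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+$", re.I)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


@dataclass
class Event:
    """Minimal Sysmon-like record; the field set is an assumption."""
    event_id: int            # 1 process create, 7 image load, 11 file create, 13 registry set
    image: str               # acting process image
    target: str = ""         # file path (11), loaded DLL (7), registry value path (13)
    details: str = ""        # new value data (13) or command line (1)
    parent_image: str = ""   # parent process image (1)


def analyze(events):
    """Replay events in order; return the set of report signatures they trigger."""
    hits = set()
    dropped = set()  # lower-cased paths written so far, to pair creates with loads
    for ev in events:
        target = ev.target.lower()
        if ev.event_id == 11:
            dropped.add(target)
            if DRIVERS_DIR.match(ev.target):
                hits.add("Drops file in Drivers directory")
            elif SYSTEM32_DIR.match(ev.target):
                hits.add("Drops file in System32 directory")
        elif ev.event_id == 7 and target in dropped:
            # A DLL that was created earlier in the trace is now being loaded.
            hits.add("Loads dropped DLL")
        elif ev.event_id == 13 and SERVICEDLL_KEY.search(ev.target):
            if ev.details.strip().strip('"').lower() != DEFAULT_TERMSRV_DLL:
                hits.add("Server Software Component: Terminal Services DLL")
        elif ev.event_id == 1 and ev.parent_image:
            # Assumed self-delete pattern: sample spawns cmd to delete its own image.
            cmd = ev.details.lower()
            if re.search(r"\bdel\b", cmd) and ev.parent_image.lower() in cmd:
                hits.add("Deletes itself")
    return hits


# Constructed trace (paths and names invented for illustration, not from the report).
SAMPLE = r"c:\users\victim\desktop\sample.exe"
EVENTS = [
    Event(11, SAMPLE, r"c:\windows\system32\drivers\mgr.sys"),
    Event(11, SAMPLE, r"c:\windows\system32\svchelp.dll"),
    Event(13, SAMPLE,
          r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
          r"c:\windows\system32\svchelp.dll"),
    Event(7, r"c:\windows\system32\svchost.exe", r"c:\windows\system32\svchelp.dll"),
    Event(1, r"c:\windows\system32\cmd.exe",
          details=f'cmd /c del "{SAMPLE}"', parent_image=SAMPLE),
]

# Constructed benign activity: the stock ServiceDll value and a normal termsrv.dll load.
BENIGN = [
    Event(13, r"c:\windows\system32\services.exe",
          r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
          r"%SystemRoot%\System32\termsrv.dll"),
    Event(7, r"c:\windows\system32\svchost.exe", r"c:\windows\system32\termsrv.dll"),
]

if __name__ == "__main__":
    for name, trace in (("sample", EVENTS), ("benign", BENIGN)):
        print(name, sorted(analyze(trace)))
```

The ordering matters for "Loads dropped DLL": a load is only counted if the same path was created earlier in the trace, which is why the function is stateful rather than a per-event classifier.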

MITRE ATT&CK Enterprise v15

Tasks