General
-
Target
247d9d08ebe86059bc2784f27b1d2a1b_JaffaCakes118
-
Size
1009KB
-
Sample
240704-d5k7tavake
-
MD5
247d9d08ebe86059bc2784f27b1d2a1b
-
SHA1
68a3f6b43628d669ea09083bc17697da43a69adf
-
SHA256
e1282924e26d343d456ddf0116743f824a6dc4487771e509edaac2926c5bad9e
-
SHA512
bf83ffe1b3682ff834567d857d0b5a63e78f3559054fcfbeff1384055640b15b598cf8b130f4e69cb1b20101a3891f5d906e58bb7c23aa420b0a20c61f01b54a
-
SSDEEP
24576:qJOwbqiqcXO8YX9Gu/D3kVRWF8LpXyl4l39lnO9MQMxXYR:qJOwbqiqcXOR0VRWF0pXP9xO9MBoR
Malware Config
Targets
-
-
Target
247d9d08ebe86059bc2784f27b1d2a1b_JaffaCakes118
-
Size
1009KB
-
MD5
247d9d08ebe86059bc2784f27b1d2a1b
-
SHA1
68a3f6b43628d669ea09083bc17697da43a69adf
-
SHA256
e1282924e26d343d456ddf0116743f824a6dc4487771e509edaac2926c5bad9e
-
SHA512
bf83ffe1b3682ff834567d857d0b5a63e78f3559054fcfbeff1384055640b15b598cf8b130f4e69cb1b20101a3891f5d906e58bb7c23aa420b0a20c61f01b54a
-
SSDEEP
24576:qJOwbqiqcXO8YX9Gu/D3kVRWF8LpXyl4l39lnO9MQMxXYR:qJOwbqiqcXOR0VRWF0pXP9xO9MBoR
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Server Software Component: Terminal Services DLL
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-