General
-
Target
3af94d49a475185e05d2d9508f50efcc_JaffaCakes118
-
Size
113KB
-
Sample
240711-2fmlcaxcjk
-
MD5
3af94d49a475185e05d2d9508f50efcc
-
SHA1
a4c4b7cafeb326c9400a575fd34c97e437d3599f
-
SHA256
3da017fdfe7cf83fcbc1ab2ec7e1bf78d3de1865b0221abc2617dc9bc79f629a
-
SHA512
550b8fdd48384c3583bbbf813296c634d86af406552159daabad0fc7c893993a14e32cd22fcda395594bd75ef9837aa9741ad22ef14ede92372adbee95e4b92f
-
SSDEEP
1536:7/JHe0U26jOEg+yuq9ceVrfsGS50vCx3bodc6kEJCvzUAD:7xzKOEVfq9pV7sGSw/vkEJCVD
Malware Config
Targets
-
-
Target
3af94d49a475185e05d2d9508f50efcc_JaffaCakes118
-
Size
113KB
-
MD5
3af94d49a475185e05d2d9508f50efcc
-
SHA1
a4c4b7cafeb326c9400a575fd34c97e437d3599f
-
SHA256
3da017fdfe7cf83fcbc1ab2ec7e1bf78d3de1865b0221abc2617dc9bc79f629a
-
SHA512
550b8fdd48384c3583bbbf813296c634d86af406552159daabad0fc7c893993a14e32cd22fcda395594bd75ef9837aa9741ad22ef14ede92372adbee95e4b92f
-
SSDEEP
1536:7/JHe0U26jOEg+yuq9ceVrfsGS50vCx3bodc6kEJCvzUAD:7xzKOEVfq9pV7sGSw/vkEJCVD
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE
-
Adds Run key to start application
-