General

  • Target

    3784650d6e2ee105f1b3d2ae90052e0a_JaffaCakes118

  • Size

    206KB

  • Sample

    240711-dwh14awfmq

  • MD5

    3784650d6e2ee105f1b3d2ae90052e0a

  • SHA1

    ce3f6b0056fca8b259eb118403153b7e3517c859

  • SHA256

    a5edb9b16066ce23ee708edb76a496ebe32d20638c3c7131893209fb615e9f06

  • SHA512

    180166b7ff303931a79f89432eb4586643bfcebcc6737c62f0152be2dd4f721aeebd31f5d590ecca026ba742b34e95c09a33b34cfd80f48d8b938eb9cc063ec5

  • SSDEEP

    6144:lsIt6nWEQgBTyPRqyhYPbOcTBlhHrNndnkv0y:69WEQJq8YPbOcT3Ul

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks