Overview

overview

10

Static

static

3

3e79336257...18.exe

windows7-x64

10

3e79336257...18.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    3e79336257435e95419c0e4174a9067f_JaffaCakes118

  • Size

    534KB

  • Sample

    240712-xhew3axhqc

  • MD5

    3e79336257435e95419c0e4174a9067f

  • SHA1

    b2ec8ccd3d61f361d8248e4e913cba0c3e2e9ba4

  • SHA256

    f76e41df7cadcc22656a7233cc59fbea0abfa0a89f2e12e8f200a90647bc16a2

  • SHA512

    9ce8a105005577029c2881488d9aad55a19a566d0168d10f4e150d3f54b9adcd65834d894154638df402caa6e767b8f065338422269497ca55d8aad504c29e5f

  • SSDEEP

    12288:xM+sIFEy/R3PdrHGLxe0DF6A3gpk5mBCEVG56vrD0Tvsx:SWn/R3PdrAx7DB3gC5mzhP0Tvsx

Score
10/10
gh0stratpersistencerat

Malware Config

Targets

    • Target

      3e79336257435e95419c0e4174a9067f_JaffaCakes118

    • Size

      534KB

    • MD5

      3e79336257435e95419c0e4174a9067f

    • SHA1

      b2ec8ccd3d61f361d8248e4e913cba0c3e2e9ba4

    • SHA256

      f76e41df7cadcc22656a7233cc59fbea0abfa0a89f2e12e8f200a90647bc16a2

    • SHA512

      9ce8a105005577029c2881488d9aad55a19a566d0168d10f4e150d3f54b9adcd65834d894154638df402caa6e767b8f065338422269497ca55d8aad504c29e5f

    • SSDEEP

      12288:xM+sIFEy/R3PdrHGLxe0DF6A3gpk5mBCEVG56vrD0Tvsx:SWn/R3PdrAx7DB3gC5mzhP0Tvsx

    Score
    10/10
    gh0stratpersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks