General

  • Target

    6245a40eee0bd1a8b0ea30e286e6b5f2_JaffaCakes118

  • Size

    993KB

  • Sample

    240722-h6lxysvgqk

  • MD5

    6245a40eee0bd1a8b0ea30e286e6b5f2

  • SHA1

    2acd51a4d8b9e32a331ebae01c838335e432c820

  • SHA256

    5ff6c047b362c0ff9e78ff48925e57c19ce5eb2addee58e9135d755e11ec7b23

  • SHA512

    bf36f244ab159c8394c78e0e949c668f7eb2fbcbb427c4389bfbf597bc0db8992f2b6cf96178b6ce0ff6f0c9d7aed4f4aea86e51d34c83b39a76af61cf3f8f01

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZKK:iM5j8Z3aKHx5r+TuxX+IwffFZKK

Targets

    • Target

      6245a40eee0bd1a8b0ea30e286e6b5f2_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
