Overview

overview

10

Static

static

10

686c5ba05c...18.exe

windows7-x64

10

686c5ba05c...18.exe

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

CERTIFICATE.dll

windows7-x64

10

CERTIFICATE.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    686c5ba05c4e8508f857855b96de1c58_JaffaCakes118

  • Size

    138KB

  • Sample

    240723-vf3t1asgkf

  • MD5

    686c5ba05c4e8508f857855b96de1c58

  • SHA1

    967fa3b7ca75d3f371ed0535fe5802ee8c3d9699

  • SHA256

    8d4f18738afe3cde45ab03f331c74e5b2be94dc065a16a39c714fbf0a872de41

  • SHA512

    ccac5689fc8ab443fc4e5d8593ab6e005e39086b2f40a6de468d864d9ebcec639c56841135b94ad92032329ba096fda6feca31769d46364e6e1dadaf4e8e1e52

  • SSDEEP

    3072:gFvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq4Peqov:gx8tA1fYmFEX2ZuwyCxeqo

Score
10/10
gh0stratdiscoveryrat

Malware Config

Targets

    • Target

      686c5ba05c4e8508f857855b96de1c58_JaffaCakes118

    • Size

      138KB

    • MD5

      686c5ba05c4e8508f857855b96de1c58

    • SHA1

      967fa3b7ca75d3f371ed0535fe5802ee8c3d9699

    • SHA256

      8d4f18738afe3cde45ab03f331c74e5b2be94dc065a16a39c714fbf0a872de41

    • SHA512

      ccac5689fc8ab443fc4e5d8593ab6e005e39086b2f40a6de468d864d9ebcec639c56841135b94ad92032329ba096fda6feca31769d46364e6e1dadaf4e8e1e52

    • SSDEEP

      3072:gFvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq4Peqov:gx8tA1fYmFEX2ZuwyCxeqo

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral5behavioral6

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral7behavioral8

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral11behavioral12

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral13behavioral14

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral17behavioral18

    • Target

      CERTIFICATE

    • Size

      105KB

    • MD5

      8b9545d61d9a5a00d8814d25d45f48d0

    • SHA1

      6cea17c9c7a94145193bd68323d9a3f2106e37e7

    • SHA256

      209c3a320b248b4692b95326158b116456104e54005190c729dab03dd5581314

    • SHA512

      55359c0f593e0b6f2c578f2017b5aa1c5f36a452fa52869689ce71069371233177680d72a0647ee39721f3747599ac236173ddf7d2cd3536bedc9301a9fa4dae

    • SSDEEP

      3072:uvBKS+26Y8zoz4EfZRzUKR/F4pEIbybZuwy1Uq:o8tA1fYmFEX2ZuwyC

    Score
    10/10
    gh0stratdiscoveryrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Loads dropped DLL

    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks

static1

gh0strat
Score
10/10

behavioral1

gh0stratdiscoveryrat
Score
10/10

behavioral2

gh0stratdiscoveryrat
Score
10/10

behavioral3

gh0stratdiscoveryrat
Score
10/10

behavioral4

gh0stratdiscoveryrat
Score
10/10

behavioral5

gh0stratdiscoveryrat
Score
10/10

behavioral6

gh0stratdiscoveryrat
Score
10/10

behavioral7

gh0stratdiscoveryrat
Score
10/10

behavioral8

gh0stratdiscoveryrat
Score
10/10

behavioral9

gh0stratdiscoveryrat
Score
10/10

behavioral10

gh0stratdiscoveryrat
Score
10/10

behavioral11

gh0stratdiscoveryrat
Score
10/10

behavioral12

gh0stratdiscoveryrat
Score
10/10

behavioral13

gh0stratdiscoveryrat
Score
10/10

behavioral14

gh0stratdiscoveryrat
Score
10/10

behavioral15

gh0stratdiscoveryrat
Score
10/10

behavioral16

gh0stratdiscoveryrat
Score
10/10

behavioral17

gh0stratdiscoveryrat
Score
10/10

behavioral18

gh0stratdiscoveryrat
Score
10/10

behavioral19

gh0stratdiscoveryrat
Score
10/10

behavioral20

gh0stratdiscoveryrat
Score
10/10