General

  • Target

    6f7a107dc916475497c8879a9e961e57_JaffaCakes118

  • Size

    96KB

  • Sample

    240725-n45vyaxdpn

  • MD5

    6f7a107dc916475497c8879a9e961e57

  • SHA1

    c47ff28d6f76ed36daf1a403dba06497cf5dcd16

  • SHA256

    177bdecacc90c4fb1b0a4b4af7d14e5548f6bb58a1c21eca6753c945845043ce

  • SHA512

    0854a7907c488d958e2604557c9fc7742e633355947d774a23bfd16cda5f865f6ac5483fef98f2ea5de5ccf90cc2d0878ac56e23db4bc5616603437dbc141d08

  • SSDEEP

    1536:foFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8pr+RF1MgI:f6S4jHS8q/3nTzePCwNUh4E9+MgI

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks