General

  • Target

    6ff2a4ca1236a40cdbde74c086a949d5_JaffaCakes118

  • Size

    223KB

  • Sample

    240725-rqadnawenf

  • MD5

    6ff2a4ca1236a40cdbde74c086a949d5

  • SHA1

    5f451121f14af83791655ad6117813b2facfd963

  • SHA256

    05ff107131d3bb78a5d1b9ace8b07ee9552eab5c9476eed3dba6d730fc9b9d35

  • SHA512

    d8f8335cafb6b6991bc7763549cb4dd21b305ccba93c14e439d64cf412dc4e0f84dce3cf4043fb2dfd3087de2747f2e119a3900daa8dc8558d5ab8fb9beb928f

  • SSDEEP

    6144:ZZM4nDWgRAkPwUrWbi7cJVGpxx9bKwZuwk4GHeqo:1R3PwUdoJI3LK+RT

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL
