Overview

overview

10

Static

static

10

71f0ad76ec...18.exe

windows7-x64

10

71f0ad76ec...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    71f0ad76ec174f097302157d23d16c0f_JaffaCakes118

  • Size

    120KB

  • Sample

    240726-a5a53avhpk

  • MD5

    71f0ad76ec174f097302157d23d16c0f

  • SHA1

    8dd3323d0087712a1a6d171bb8a59df532819e74

  • SHA256

    6ea8b7056448e4a6e521ea6b04dccc20cae0ffbac43fcd6aebee750cf8b4a663

  • SHA512

    4559e44082619f477be30986973db47b6cf12adae5c974007e9bb7414865c10b3106dd60896d3bf9954d09dc700463dc58426bb0be6835452e9d03c0b6288219

  • SSDEEP

    3072:InbJV3JdmKC2bXaqxbTlQ7RMfS8/C3UJ3NHM1HI:In1V3JdmKCCaW3ekSmBJ3CO

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      71f0ad76ec174f097302157d23d16c0f_JaffaCakes118

    • Size

      120KB

    • MD5

      71f0ad76ec174f097302157d23d16c0f

    • SHA1

      8dd3323d0087712a1a6d171bb8a59df532819e74

    • SHA256

      6ea8b7056448e4a6e521ea6b04dccc20cae0ffbac43fcd6aebee750cf8b4a663

    • SHA512

      4559e44082619f477be30986973db47b6cf12adae5c974007e9bb7414865c10b3106dd60896d3bf9954d09dc700463dc58426bb0be6835452e9d03c0b6288219

    • SSDEEP

      3072:InbJV3JdmKC2bXaqxbTlQ7RMfS8/C3UJ3NHM1HI:In1V3JdmKCCaW3ekSmBJ3CO

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks