General
Target: 74843f1fbed57103c8334467c1b3ac3e_JaffaCakes118
Size: 282KB
Sample: 240726-sahwjayapc
MD5: 74843f1fbed57103c8334467c1b3ac3e
SHA1: 94cffc0ef106a9076c08bd4a762c4e195e1710b5
SHA256: 50e3416e50666938a61d2a111d9e4e59cef25ec5984a0d4e0762de0510fcb226
SHA512: f10f0857c5e13ee123c7bc45b64f7c9933eb173abf46867b722b5919bfc561d9267592c1410ac06b4684c8a5dc8c7a40edd4e684f513427d07d290603432bcda
SSDEEP: 6144:QiqvdXjiVwTcbaALDSuQwMq/AS/ed6paqlJrhBJN:QigdXEwI2A3DMA/i6pawJVBJN
Static task: static1
Behavioral task: behavioral1
Sample: 74843f1fbed57103c8334467c1b3ac3e_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 74843f1fbed57103c8334467c1b3ac3e_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 74843f1fbed57103c8334467c1b3ac3e_JaffaCakes118
Score: 10/10
- Gh0st RAT payload
- Server Software Component: Terminal Services DLL
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory