General

  • Target

    77970a954e8e00bca768f6913831b915_JaffaCakes118

  • Size

    164KB

  • Sample

    240727-kxs11ssale

  • MD5

    77970a954e8e00bca768f6913831b915

  • SHA1

    45ae0952d04610479762340533060f158aca0da5

  • SHA256

    c40f2596b6424e31dbaf29e1cf3157ce819149a29b2e0cdafe6c17e7eb6c25c7

  • SHA512

    50893270517685fa2e329b8d49e14bbeed9e33146f62e1963870e8a5000fe27db8fd4310e945be0e0f11d88ac82e29cc333ad78d1c9d1a6b95b9712b1f2a1f18

  • SSDEEP

    3072:k240YbRv/nl8glGi6KkWUR6qev3S6q+WDtDOUeGCIrF1j6iJxb:/Y1v/nCpbWUR6qePxqh4UeGCIrbeiJx

Score
10/10

Targets

    • Target

      77970a954e8e00bca768f6913831b915_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Loads dropped DLL

    • Drops file in System32 directory
