General
-
Target
94e6c9d22463d83b4402d06db0a9d3ed_JaffaCakes118
-
Size
767KB
-
Sample
240813-1wjnysshkj
-
MD5
94e6c9d22463d83b4402d06db0a9d3ed
-
SHA1
7c4cab2177d575a5c31acdfb4e9d08840f3de713
-
SHA256
f5efa4fd95d202fa4a7b8840d765d80d542ef50f612df06eea5df91291ec4273
-
SHA512
64fe35390c7f7285057f323d248efbf9e6dec73d0d36bf107a8e9a14983aaa10ab02f978d84a585618d3e868bec8379a7a98a57710a1f20eccd64f0a438ab048
-
SSDEEP
12288:1gZNodYlG4wxdrzveiNzldJ5Pgd6a715amnGXP2AvsaCa1LcXceSpI1UmW2O9cD8:2Z6dYlG4yrzveiNzZSdx7naregw0Lcdu
Malware Config
Targets
-
-
Target
94e6c9d22463d83b4402d06db0a9d3ed_JaffaCakes118
-
Size
767KB
-
MD5
94e6c9d22463d83b4402d06db0a9d3ed
-
SHA1
7c4cab2177d575a5c31acdfb4e9d08840f3de713
-
SHA256
f5efa4fd95d202fa4a7b8840d765d80d542ef50f612df06eea5df91291ec4273
-
SHA512
64fe35390c7f7285057f323d248efbf9e6dec73d0d36bf107a8e9a14983aaa10ab02f978d84a585618d3e868bec8379a7a98a57710a1f20eccd64f0a438ab048
-
SSDEEP
12288:1gZNodYlG4wxdrzveiNzldJ5Pgd6a715amnGXP2AvsaCa1LcXceSpI1UmW2O9cD8:2Z6dYlG4yrzveiNzZSdx7naregw0Lcdu
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-