General

  • Target

    a13d65f738b8ec8c6eb6e4483893f1f3_JaffaCakes118

  • Size

    196KB

  • Sample

    240817-fb6yjaxgkg

  • MD5

    a13d65f738b8ec8c6eb6e4483893f1f3

  • SHA1

    063ee081a472f81eea4b56ef724b56fe48d9fe5f

  • SHA256

    91915f8cff1470b8c27f9c7f8f4cde0e1d0a4213d801f7ea2f001726a9ca657c

  • SHA512

    0c520e8cc53fa181355a662f219e24397bdaa5bcda77e6d076a7d80f4b0cbc1aa3fb30bae7f7d29f5fb80882f03623009fd88d3b4a314b5c17db9f5044776a38

  • SSDEEP

    6144:03L8mS6bFSjzJmMWGw0GxXpsYgoSzoBtcmkxRU:5N6UEGw0I2cuxO

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks