General

  • Target

    a2cb5711ea128a4a38d919e921a87535_JaffaCakes118

  • Size

    434KB

  • Sample

    240817-q7av3s1hrn

  • MD5

    a2cb5711ea128a4a38d919e921a87535

  • SHA1

    b6471ab1aaeff991c2998dda0c0dbff6c283a13f

  • SHA256

    f54c3087d7aaa6eae77e43b358c857c5f3034528dc19a8455e90c8f8c245828f

  • SHA512

    75d6e2a316c4b9425a085476e5f6a778619a86556682c465cc7401fbed3abd667a5d7c75b8ce99cdbbf59a8a4182f6a20b628cf5cc8439d2f966d685013349ea

  • SSDEEP

    12288:2JllO5BnwU0nssnP2RI0rZ4Qe7WmJED3lS:2Q59wVPeRdrZ4Qb3lS

Targets

    • Target

      a2cb5711ea128a4a38d919e921a87535_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
