Overview

overview

10

Static

static

3

a849606bfa...18.exe

windows7-x64

10

a849606bfa...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a849606bfa1cb2d8de1811362e050cd0_JaffaCakes118

  • Size

    253KB

  • Sample

    240818-1cjjvaydkr

  • MD5

    a849606bfa1cb2d8de1811362e050cd0

  • SHA1

    9360e135227d67fd8e3f82df760039c5966dab94

  • SHA256

    119f1c8199edbb23b853fdf1939de1622837ce11fd5c9b2d26a17e5c8b115ddd

  • SHA512

    10417e00ae066fc0fe635e383cb9e2dad84edb8f134e818e8324e0df96dbb9ed0c23960f37e828b1669a1d4c874e6a0dba86998ced0af9bd095738cd24efc21b

  • SSDEEP

    6144:7bu5J2SDq68iXgk4g3+sKPGCuo8KeaEUL6DC+3MkS:nK38iwkZ+s8GTo7tEULb+3Mk

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      a849606bfa1cb2d8de1811362e050cd0_JaffaCakes118

    • Size

      253KB

    • MD5

      a849606bfa1cb2d8de1811362e050cd0

    • SHA1

      9360e135227d67fd8e3f82df760039c5966dab94

    • SHA256

      119f1c8199edbb23b853fdf1939de1622837ce11fd5c9b2d26a17e5c8b115ddd

    • SHA512

      10417e00ae066fc0fe635e383cb9e2dad84edb8f134e818e8324e0df96dbb9ed0c23960f37e828b1669a1d4c874e6a0dba86998ced0af9bd095738cd24efc21b

    • SSDEEP

      6144:7bu5J2SDq68iXgk4g3+sKPGCuo8KeaEUL6DC+3MkS:nK38iwkZ+s8GTo7tEULb+3Mk

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks