General
-
Target
a8aeae65fd08256815f189b89cfb680d_JaffaCakes118
-
Size
125KB
-
Sample
240818-3kl12s1dmf
-
MD5
a8aeae65fd08256815f189b89cfb680d
-
SHA1
994e4b5d3f1af1acf5c99d2e68433124c335cce3
-
SHA256
d2efaa5e7e261e78cc4be7f1a61060376d7daa0e7439041095986003622bdf5a
-
SHA512
13c05371c68c3fe0fda09ccbe3a1a189b1f5e9a5cbc23fadeff68020853d78fc5c409e8795aba67f1d25aa884c980dab8701410d2e6b79363fcafced92018ef7
-
SSDEEP
3072:S3hHxyQvVwpG1b2j7ChrzMDvih7laMPoFtdJK1:S5xyQvVwpGt23ChrAmhxBitdA
Malware Config
Targets
-
-
Target
a8aeae65fd08256815f189b89cfb680d_JaffaCakes118
-
Size
125KB
-
MD5
a8aeae65fd08256815f189b89cfb680d
-
SHA1
994e4b5d3f1af1acf5c99d2e68433124c335cce3
-
SHA256
d2efaa5e7e261e78cc4be7f1a61060376d7daa0e7439041095986003622bdf5a
-
SHA512
13c05371c68c3fe0fda09ccbe3a1a189b1f5e9a5cbc23fadeff68020853d78fc5c409e8795aba67f1d25aa884c980dab8701410d2e6b79363fcafced92018ef7
-
SSDEEP
3072:S3hHxyQvVwpG1b2j7ChrzMDvih7laMPoFtdJK1:S5xyQvVwpGt23ChrAmhxBitdA
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Server Software Component: Terminal Services DLL
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-