General
-
Target
e21f82b6ea6ce72283d4e28fc8f04b4e_JaffaCakes118
-
Size
95KB
-
Sample
240915-kt4y4svgna
-
MD5
e21f82b6ea6ce72283d4e28fc8f04b4e
-
SHA1
42eeaa042b327808d6a70f0e88f7db207952c9d0
-
SHA256
bb9f497e148f73729b7f719c8607c34ea22a872126a4430ee71099dd9b39d342
-
SHA512
8b6abd57c30ccb96dc33471837d89bbe93ac10d49925bfce109cd484a778867fee89cf90b83373e06d176a616db43327d2b5fa08bf4e890a83c98a162c574be3
-
SSDEEP
1536:dFFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8pr5tbYa7K:dLS4jHS8q/3nTzePCwNUh4E9Dd7K
Static task
static1
Behavioral task
behavioral1
Sample
e21f82b6ea6ce72283d4e28fc8f04b4e_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
e21f82b6ea6ce72283d4e28fc8f04b4e_JaffaCakes118
-
Score
10/10
-
Gh0st RAT payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-