General

  • Target

    e2550344fd15408fb2d43a230f4c1ff7_JaffaCakes118

  • Size

    113KB

  • Sample

    240915-m5gzts1drm

  • MD5

    e2550344fd15408fb2d43a230f4c1ff7

  • SHA1

    bb8216ace49da4158166c8fe9e46be797f1bc609

  • SHA256

    dfc7d3a9a884304c3adca7d6118d08988319bb86289cbda42750485df97020e6

  • SHA512

    354b63d4c805e7fab427c9f06f22f0b5ec103a354b7738922e53c47fae2d8c121c686a0170a2e59d47888c2b4c6da7a4fbfba729246f8ae86c6eea0c68312456

  • SSDEEP

    1536:T/JHe0U26jOEg+yuq9ceVrfsGS50vCx3bodc6kEJCizUAJ:TxzKOEVfq9pV7sGSw/vkEJCEJ

Targets

    • Target

      e2550344fd15408fb2d43a230f4c1ff7_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application
