General

  • Target

    efc1a26b756d2dac8dcd6c2aa4a32d5a_JaffaCakes118

  • Size

    192KB

  • Sample

    240921-n9218s1dqh

  • MD5

    efc1a26b756d2dac8dcd6c2aa4a32d5a

  • SHA1

    5786343413c862f504bc8a24f9b0ef82ec18bbf6

  • SHA256

    44eb6e1d59b3a6467318717a8077a1d2f41b058d74a48da78cb3aa2cd32b6a06

  • SHA512

    1e2aaf9df4b7de3848528d6dfcefb134619a9c55ce77fccba00dd837c194c060626bd6817bfa8b9a1b93ddc349bf621c28ef1df2d487c01300796d659531194e

  • SSDEEP

    3072:r8lpAxnWu6HeagPiloTm6Go1bJ+aGmt5E00tSZT8s56flH1UBZ60dbunnnnnnnnt:QlpAxnWu6LnloTJGobVO00tGosA9H1UF

Malware Config

Targets

    • Target

      efc1a26b756d2dac8dcd6c2aa4a32d5a_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks