General

  • Target

    0599dfd40da7c93b8d4a3cdb0696b6eb_JaffaCakes118

  • Size

    75KB

  • Sample

    241001-nc6yxswfln

  • MD5

    0599dfd40da7c93b8d4a3cdb0696b6eb

  • SHA1

    e0ed5feda193222af162f1ae54b9a0bbf3125c77

  • SHA256

    1b2be28a7d4131fed9de86299d32ab3704d162d33f3b6cc5bb3f80a9be785e80

  • SHA512

    4ceb54e1eedf19eb6dc21129aad2efed22afa8ad082f7a8cfab821aa3cd7a61b2cb372c8addcf078b6b5b3c0da2e43835421870a4c8deb2f3d9869716f8fbaaf

  • SSDEEP

    1536:LCT0F78JS0i6DyjmRUsVHWL5xgZuOq2v7vBlTTXWGn7nYS:ZHBmRUoZuOq2zBlTTXWzS

Score
10/10

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
