General

  • Target

    15996db71d4332c648b9f7c8e7535c5b_JaffaCakes118

  • Size

    764KB

  • Sample

    241005-bk8q9swhqq

  • MD5

    15996db71d4332c648b9f7c8e7535c5b

  • SHA1

    887aef486356d2bd6aa295d12d037099206507c5

  • SHA256

    78777dbcc2038c54f51ac619a05641e1d5a0de39f66022b4c8bb7d7a982261d0

  • SHA512

    7133e50a861ef1d6dfc0c670b22a13d16154ec34264641dc67c113f42a9f7dd902195469f69a9a5e49a1e8e70642f0df8f10fcf8e1a00cd7d4869afc2ee0bbcd

  • SSDEEP

    12288:jt0VPFfsKAkrbPl7cHANUTNhG8HANUTNRHANUTNK:SFksbMGL

Targets

    • Target

      15996db71d4332c648b9f7c8e7535c5b_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
