General

  • Target

    17d518b43fa67d4d6dc26a0f3dda2837_JaffaCakes118

  • Size

    700KB

  • Sample

    241006-m8hers1apq

  • MD5

    17d518b43fa67d4d6dc26a0f3dda2837

  • SHA1

    8940ed069d449892e63c8f532e71c96a61d05222

  • SHA256

    765f9819c173d73f7f1265e69ad590104581d6f10c882713897a47107e0116f9

  • SHA512

    b2ab33fc3c54928128c285663c481cafb30463cdb54525bde725d1aa2dcf62de579b3ea05e42a273134350b6e7c6b66eb76e60ff5b753a0f165c6cb64e8ec69a

  • SSDEEP

    6144:QGzRxSVtp0l6whGfsKR+zkBpTaa5tJH5WV5HANUTNBHANUNEZ:jt0VPFfsKAkrbPl5u5HANUTNBHANUNEZ

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
