General

  • Target

    4e9debf0cfe84cb65837cc28102623af_JaffaCakes118

  • Size

    272KB

  • Sample

    241016-x6147s1hnl

  • MD5

    4e9debf0cfe84cb65837cc28102623af

  • SHA1

    eae7a1b92e0da1fd71a61a35b9abfafa25050b43

  • SHA256

    738fa29a42404c1b10ab5a39daed651ea34304d81dce64ee8d5da8f3944450c1

  • SHA512

    2b02c8af8102883ab1da84feedc9fe1f3c6a77d86f989e610c04893ffc98a4149ee7bbc1b3df23691941f1cc9dc46909a58d21eacaa9a58e6dc0c79c66361604

  • SSDEEP

    6144:tHgevcpYYMxNZFQbooXnuUEF9Gi2wvEd8dF:tHgevcoxSjX/in2wa8d

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15