General
Target: 4e9debf0cfe84cb65837cc28102623af_JaffaCakes118
Size: 272KB
Sample: 241016-x6147s1hnl
MD5: 4e9debf0cfe84cb65837cc28102623af
SHA1: eae7a1b92e0da1fd71a61a35b9abfafa25050b43
SHA256: 738fa29a42404c1b10ab5a39daed651ea34304d81dce64ee8d5da8f3944450c1
SHA512: 2b02c8af8102883ab1da84feedc9fe1f3c6a77d86f989e610c04893ffc98a4149ee7bbc1b3df23691941f1cc9dc46909a58d21eacaa9a58e6dc0c79c66361604
SSDEEP: 6144:tHgevcpYYMxNZFQbooXnuUEF9Gi2wvEd8dF:tHgevcoxSjX/in2wa8d
Static task: static1
Behavioral task: behavioral1
Sample: 4e9debf0cfe84cb65837cc28102623af_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4e9debf0cfe84cb65837cc28102623af_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
-
Gh0st RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.