General

  • Target

    7ccedc31be55eac12d1e0e7d9ffa9296_JaffaCakes118

  • Size

    200KB

  • Sample

    241029-1krv7ayrbw

  • MD5

    7ccedc31be55eac12d1e0e7d9ffa9296

  • SHA1

    798001498bb981acc0e6f06cabded7d68f065d92

  • SHA256

    cdde8682a5a8efb3d548ab446e9b3db154402323a827391ab570e7be2ef86855

  • SHA512

    b19656a2abdb8eb62a47d1b6158c552b602d85122522609d5a4ffbc60d8b9fb5dec5f96615414aa3c611c873c53dcd88fcbe6741a47f064f765c9c81c9b3adaa

  • SSDEEP

    6144:eSrmhQ4/bhlj1LAXNZPY2iZNhuhcLxevsdp4q:fKhQ4Dhlj12EuhfEn4

Targets

    • Target

      7ccedc31be55eac12d1e0e7d9ffa9296_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
