General

  • Target

    7d055ccb42eb596df67022c40bd9f9c8_JaffaCakes118

  • Size

    168KB

  • Sample

    241029-2tqvxsspdq

  • MD5

    7d055ccb42eb596df67022c40bd9f9c8

  • SHA1

    4594ff62de294665eaf1d40ed5c01900151e30ef

  • SHA256

    d7e1c7cd4ab384a7ee62e691d3551bfba693ab3e0d7876d8d976d04e67050478

  • SHA512

    af2ac640b5decee17c374a00836f4daa932e1b0922f2e048a0a2c48fdb21297c538fea91ee68e34322055b96ec30aa1571bb08c7c4dff23a1bfc3ea1b30a8bac

  • SSDEEP

    3072:J0U8dYKCjUTZ4A2+2YBVjYOZyG7+x7hcLxKl:a2jOZt2+2YnjYbquhcLxKl

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks