General

  • Target

    7d0b60d0835c3add992af1524c4dec8f_JaffaCakes118

  • Size

    130KB

  • Sample

    241029-2zc61s1hnk

  • MD5

    7d0b60d0835c3add992af1524c4dec8f

  • SHA1

    9765eff5f65679692c050c773c60f90fc23c02f7

  • SHA256

    edfdb2154972ef6d6975ea991e518c70fca4b0e3cbf5232da271d8d0cf75d849

  • SHA512

    505f7982b983bdc9d323af7f0827da1188adbb7504e287221a5ede7aa3de433aeb0dfa0b89630c58774dca573a58acc71041b87501181e07d6b494bf16b660ec

  • SSDEEP

    3072:tZIezg1BjA6nNgPm4eaSbL3efn2OMO/M2RQ:0ezg1BjAQNOOb7GnoO/q

Targets

    • Target

      7d0b60d0835c3add992af1524c4dec8f_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL
