General

  • Target

    7ca8890542401c164ba69bbd37432e32_JaffaCakes118

  • Size

    405KB

  • Sample

    241029-zcme3azamg

  • MD5

    7ca8890542401c164ba69bbd37432e32

  • SHA1

    dfaa40dca6dc417b1ece16c8a33f22d1f2c7f1c2

  • SHA256

    c5d80a05415403346381ae82463c3da66a3f18728de9dec978324dae869ecdd6

  • SHA512

    2c41b0e0a0a2e96d55e9db0077fd482c9b53430404611ef319bba2da63bb578eab81f8abae6b026b215f23619b81fb564ed8709693c87cb395fad4eaf06cc81e

  • SSDEEP

    12288:l+QtNj9rXDfRfFgBe+QtNj9rXDfRfFgBs:l3Nj9XL6e3Nj9XL6s

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application
