General

  • Target

    7cb36742d6a3f2579f43dc7500241ad9_JaffaCakes118

  • Size

    183KB

  • Sample

    241029-zrkvsazcmh

  • MD5

    7cb36742d6a3f2579f43dc7500241ad9

  • SHA1

    e43cfeb671a7224f32aaa2773a99693e991512d8

  • SHA256

    daa884c5630c159ef79bf153c3d60a1efa363fd4960c56bce59d2f81e193ecc8

  • SHA512

    06052248702af7ff3b25e03bda4893b8098ed4b41755b806a0ff35875b7b42cf9a0ce4840e176a59777ba24c231f34313cc9be732ebc9de361285616ac017d01

  • SSDEEP

    3072:bMqKbTtCSIT0chwzzcdZKF8UvvoeWofjjpAVioRF8s//NLj6h+EvtRG:o9MMmwzlqUHoeWofjjpAViY/lH6h+EvG

Targets

    • Target

      7cb36742d6a3f2579f43dc7500241ad9_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public, and it has been used by multiple Chinese groups.

    • Gh0strat family

    • Adds Run key to start application

    • Drops file in System32 directory
