General

  • Target

    7daadf8eb2da70f5365264a76a0a12ac_JaffaCakes118

  • Size

    178KB

  • Sample

    241030-dfk6hstna1

  • MD5

    7daadf8eb2da70f5365264a76a0a12ac

  • SHA1

    dc77386b525600f6502f81f6252cd8afae6921e8

  • SHA256

    d19b79c9ded86ed13ea7947b4dc35ecc742303c3a20246968ee771c173f51996

  • SHA512

    d6e2d131c3bb909c71092c129f7230f51aadcabe33869d585f806edc1cf21b67a8e061d87e57c3b9c431c6a26bb6f4feab51669a465a7461cfd7e1a67364e15e

  • SSDEEP

    3072:twxVMhOC/dTDbq91+mno3t4QZQ3rt8iJkW/+ZLmmCBJWqA18OGan8vdRgV1q:tTfFDbRnOTrt5Jt2ZLi+X18OGanCR6c

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks