General

  • Target

    7e25306eb78b1f98d499a7647f299a5f_JaffaCakes118

  • Size

    196KB

  • Sample

    241030-gvg9ysxhrr

  • MD5

    7e25306eb78b1f98d499a7647f299a5f

  • SHA1

    57fe106ab647eb2e76a8d46b6da1456c8684c8e4

  • SHA256

    bd9d37c4d77b7855f06efec9b29a534ad4bd1ea2771d16eb03cbd7f4c5911b30

  • SHA512

    f6ef53de3164a458c572c10bf40a30737b19954bc6a85b1f10d08983eb3d11b25bcc3af9f4b912996a63ac19b92e4dfa69814c06bd7ff14c31f3fe5c5eb2c35d

  • SSDEEP

    6144:NdvLWxsJG+n50lJFj/6IrMC/nccVO9XGlD3PPPPPPPPPPPPPPPPPPPPPPPPPPPPN:NdisMdnSIgC0cVI+PPPPPPPPPPPPPPPl

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Adds Run key to start application

    • Drops file in System32 directory
