General

  • Target

    81398ede98e5ed4a258df4d95167bd2b_JaffaCakes118

  • Size

    216KB

  • Sample

    241031-cy9fdsypgp

  • MD5

    81398ede98e5ed4a258df4d95167bd2b

  • SHA1

    450a9ae08404d6509c69c84a432beb61b26b6e69

  • SHA256

    e0883b9aee2697bbdddb4705fd68f410cc7b56f54cce62d84d72de77304e84ed

  • SHA512

    83dab010024d3062584b28e9bf05418e06525268ababbcc4c281b912b2bde17de7785d308a40fde7f7452b77672d661910d1cc5c0cb2c6da51dd1de18c1b2985

  • SSDEEP

    6144:sMIjjpISTju17N7WH41LHpXiLM2vj0HDqCOoeygOgu5k0c:fIj6ST07EYD9u6eygUk

Malware Config

Targets

    • Target

      ZZZVMP~1.EXE

    • Size

      250KB

    • MD5

      a5604e31ed5ae25df2dfe72af47d8e15

    • SHA1

      930320b599e50305475ba3c77f1c84ce234d4fa4

    • SHA256

      edcf12512c0b2cbb1c5680ffd56ea020ac5723e7fcf476272bd20315fa18d6cc

    • SHA512

      8d9936e1599ea1748aae0212a1efa5dbb23365c6cfceba8c2a8f47554e4d5ddcddb317bca4c6489a9e824e064a5d5d3fe0448da54e8029952f747c86daa31346

    • SSDEEP

      6144:q/kuouETjkfHN7VH4tFHpXmLM2vj0jJNbLoJt0wy0Y6Osh:qJ7ETQHfY1FLoJlnHh

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks