General

  • Target

    8173bdfafc135aa867c33525bcbbee03_JaffaCakes118

  • Size

    4.8MB

  • Sample

    241031-d24vraxmbv

  • MD5

    8173bdfafc135aa867c33525bcbbee03

  • SHA1

    4b66034fcc78184b5267b98b9644af6857f395f4

  • SHA256

    df3d4b03c2fcd0050c01e5be70962d833c960aaf937765e2a043ec4ae14bba9a

  • SHA512

    4b9f289accbce3bdce2916eda477f3c3692551c72fb24312eedbe5402e02b2e2795c4ad44c8be65cf20b99bb313de479fc5a8113e294eec107dda94ac0603cdb

  • SSDEEP

    98304:8lG4ybJ2aU8LTT8Cz43cYl80kXdEW+iD5tx20SCVRFHylfGgkWGXYgMq9V:pV2r8/T8Ck2v+iD5iCVXHyG/1BMqD

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks