General

  • Target

    8158f65088430333fa746a39e5f2bfef_JaffaCakes118

  • Size

    312KB

  • Sample

    241031-dk5eysycjh

  • MD5

    8158f65088430333fa746a39e5f2bfef

  • SHA1

    490a8b4f99fada8f990b53f116ec53da783f56c1

  • SHA256

    c7af6da4413de061599a60fb541c79c31c1836306a5a47a231c9ee354584de9d

  • SHA512

    509e697ef7ebd87469cc11d0411cfc2dbf136f5c175c2e0908a64ad3b813d4eead9a4462acadc06da71d211be1f9c87f9464b2680027ded2150e4b6e40a2f4ca

  • SSDEEP

    6144:hiTyixB05L7t2J5xp34uGy4G7v4G7AWF0JP:klB05d2rxNNxJAL

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Adds Run key to start application
