General

  • Target

    81e46be0cb151d66b5bd422528ffab37_JaffaCakes118

  • Size

    84KB

  • Sample

    241031-gns3wasbpp

  • MD5

    81e46be0cb151d66b5bd422528ffab37

  • SHA1

    d71ac138dbfa069c88e9aa239d55c94dfa088c42

  • SHA256

    61f68d3d924510e7c83516699349c45308dec2485d15bcee111ee3bb6ada5717

  • SHA512

    1c1722f9e70d2f61494a20edda32639183e357cafa3741cef8853b5a9246d63bfb5446e5166fc21dbd3baa1bffe02429947aaf03d07955b24a512953506e6d23

  • SSDEEP

    1536:Tyn/zLB79H6r7Tw9NdFJOSL+YQtfAEAif0GweFcoAjfMG8npPEe8qZJYqZRt:Tyn/zL76r7Tw9NdFJOpl3fQeFDADMG8B

Targets

    • Target

      81e46be0cb151d66b5bd422528ffab37_JaffaCakes118

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory
